5ece9be1f1d0a5212872ec6b7b8dbe2c3da0dc13ed98bad3a7ea6c8b1e0a46a0

Analysis

max time kernel
146s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 19:03

Target

5ece9be1f1d0a5212872ec6b7b8dbe2c3da0dc13ed98bad3a7ea6c8b1e0a46a0.dll
Size

51KB
MD5

4ee9ffe830d53feac66e82ec3032910c
SHA1

1e86b5ace1a21858851a070b74304ece22495634
SHA256

5ece9be1f1d0a5212872ec6b7b8dbe2c3da0dc13ed98bad3a7ea6c8b1e0a46a0
SHA512

36b6d924dd72609467d14f6a0afccabca06bc657e0d4ba003a3345c134b04eee262f3c926352159f2b3a2bd0979df841195b224e303283b76a1472074690b686
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLMJYH5:1dWubF3n9S91BF3fbogJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3392	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 3392	1792	rundll32.exe	87
PID 1792 wrote to memory of 3392	1792	rundll32.exe	87
PID 1792 wrote to memory of 3392	1792	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ece9be1f1d0a5212872ec6b7b8dbe2c3da0dc13ed98bad3a7ea6c8b1e0a46a0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ece9be1f1d0a5212872ec6b7b8dbe2c3da0dc13ed98bad3a7ea6c8b1e0a46a0.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3392