961da7946852b4e5b7a70b9fefa4f3804409edc5322af26487c2b28cb316978f

Analysis

max time kernel
142s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 11:38

Target

e1930e494e92619b132de80ab7027f0e.dll
Size

24KB
MD5

e1930e494e92619b132de80ab7027f0e
SHA1

d1e0032d98528ea90a95ffadb0ce56cf8f1a9c4a
SHA256

961da7946852b4e5b7a70b9fefa4f3804409edc5322af26487c2b28cb316978f
SHA512

4a4aa6bc817cacfa7b68cb194bc2f4d2ceb960bc41626c21136b25b9b33d5cc17426c8e465fea5d9e3eee3fc066b12f11b64a97a97b6114e0ced8bdb9f3b6d2c
SSDEEP

384:2RCJ8mkOMEPbqqCs3x6d0dZdvqS0zktoKYEF2At/jlpUuVbdj09GXNwf9wdEUSqL:HJ5zdDxF3e0dPf0zyd1t/XBVpXNwf91+

Score

4^/10

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\linkinfo.dll972828355	rundll32.exe
File created	C:\Windows\linkinfo.dll	rundll32.exe
File created	C:\Windows\twain_86.dll	rundll32.exe
File opened for modification	C:\Windows\clbcatq.dll326516365	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 624	832	rundll32.exe	85
PID 832 wrote to memory of 624	832	rundll32.exe	85
PID 832 wrote to memory of 624	832	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1930e494e92619b132de80ab7027f0e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1930e494e92619b132de80ab7027f0e.dll,#1
  2⤵
  - Drops file in Windows directory
  PID:624

memory/624-0-0x0000000013140000-0x000000001314A000-memory.dmp

Filesize
40KB

Download
memory/624-1-0x0000000013140000-0x000000001314A000-memory.dmp

Filesize
40KB

Download
memory/624-3-0x0000000013140000-0x000000001314A000-memory.dmp

Filesize
40KB

Download