1bc835a8a94f69d140fdbed33505a9ebfc5f02e8d9c591402f4001e3f6a1c21c

Analysis

max time kernel
134s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 18:20

Target

1bc835a8a94f69d140fdbed33505a9ebfc5f02e8d9c591402f4001e3f6a1c21c.dll
Size

50KB
MD5

9455584ffcc50ade98d29cd9a22d6eb4
SHA1

b9029fbf345c78eac5f6780f53cf1e040be562b9
SHA256

1bc835a8a94f69d140fdbed33505a9ebfc5f02e8d9c591402f4001e3f6a1c21c
SHA512

47810db37f9036e34c69a3704db7780945175244f2ff67a0a27d4346e7a2339237fd3014f8ad44cc42fbd0bedb3713d8fd824316d849c050f4c4ac85af3d4eee
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5vJYH:W5ReWjTrW9rNPgYo9JYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3904	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 3904	3148	rundll32.exe	86
PID 3148 wrote to memory of 3904	3148	rundll32.exe	86
PID 3148 wrote to memory of 3904	3148	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc835a8a94f69d140fdbed33505a9ebfc5f02e8d9c591402f4001e3f6a1c21c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc835a8a94f69d140fdbed33505a9ebfc5f02e8d9c591402f4001e3f6a1c21c.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3904