2bb05ad51c416addfacaa96e27e3fa9cb5c8a2ccf902ae5c53fb9c13c88108aa

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 06:58

Target

2bb05ad51c416addfacaa96e27e3fa9cb5c8a2ccf902ae5c53fb9c13c88108aa.dll
Size

51KB
MD5

b0165f1c2fea99c3b77074ac56900ca0
SHA1

79d91c7724d1b17e23f5632415773b30f50cfd7c
SHA256

2bb05ad51c416addfacaa96e27e3fa9cb5c8a2ccf902ae5c53fb9c13c88108aa
SHA512

d52dad8d6fd34eb8fd052368974e80012aeb56a58cf437d3cdca1567cee0c9750c94cc3002e6bffd04adbdf8661b772a02e5de0eca37d83ad2cb4dcd26397f72
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLYJYH5:1dWubF3n9S91BF3fboMJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
664	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 664	116	rundll32.exe	87
PID 116 wrote to memory of 664	116	rundll32.exe	87
PID 116 wrote to memory of 664	116	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bb05ad51c416addfacaa96e27e3fa9cb5c8a2ccf902ae5c53fb9c13c88108aa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bb05ad51c416addfacaa96e27e3fa9cb5c8a2ccf902ae5c53fb9c13c88108aa.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:664