dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 08:18

Target

dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530.dll
Size

899KB
MD5

c9423813bbc567262f58b025711e73b2
SHA1

a50e94d107de3fd432115048807e32deec01006b
SHA256

dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530
SHA512

a84f427f90226b5b41880ba2ecc7ecafafe32bf3d3d82fcc1a8eed3e19e1e42125e10becb521456fd026a9d0b8dcde46c20624e02afefe223c692b146971d3ed
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXA:7wqd87VA

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

Processes:

rundll32.exe

pid process

2924 rundll32.exe

pid	process
2924	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 540 wrote to memory of 2924	540	rundll32.exe	rundll32.exe
PID 540 wrote to memory of 2924	540	rundll32.exe	rundll32.exe
PID 540 wrote to memory of 2924	540	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:540

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530.dll,#1
2⤵
- Suspicious behavior: RenamesItself
PID:2924