907194e76989c7a4cd131c0bad3ea0f516389a0cd6b4eba9c680c1b3cb4efaab

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 01:15

Target

907194e76989c7a4cd131c0bad3ea0f516389a0cd6b4eba9c680c1b3cb4efaab.dll
Size

132KB
MD5

5624a8ec9ee83658c10f6f931aa771ae
SHA1

24b36b05c80850a383c7246e83921516fbfeb17e
SHA256

907194e76989c7a4cd131c0bad3ea0f516389a0cd6b4eba9c680c1b3cb4efaab
SHA512

88d1edca9c23d8c09b32a78964e1014b297a6775b0ef6a8e619291f4e4e0d4eae17d5c8c1e845b7ebe48cb9f2e9586e345b39294334c3c5a76ca3bb5bb78b6dc
SSDEEP

3072:7vLvWZR9sR+jpxW4nEY5gKnZbxKpIU232XJgobGLS/a:HyR9sR+jpxXnv5g4nKpRGLS/

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ormsgse.axz	rundll32.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1168	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27
PID 1832 wrote to memory of 1168	1832	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\907194e76989c7a4cd131c0bad3ea0f516389a0cd6b4eba9c680c1b3cb4efaab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\907194e76989c7a4cd131c0bad3ea0f516389a0cd6b4eba9c680c1b3cb4efaab.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: RenamesItself
  PID:1168

memory/1168-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download