38e00c9711bed2817a339f2f31331aff228890741a92bcc55dfe29cb2cc4d0ef

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 05:05

Target

38e00c9711bed2817a339f2f31331aff228890741a92bcc55dfe29cb2cc4d0ef.dll
Size

12KB
MD5

67b9d09134d7df3e3dd1ee35f60a6d4d
SHA1

45eda1306d62b6799d1ba8baca1be2afae2a9e95
SHA256

38e00c9711bed2817a339f2f31331aff228890741a92bcc55dfe29cb2cc4d0ef
SHA512

da5a8105156a87dd677894a5f73a000329c08106af2477b3052b780c3c8523b244725aca690d1490590e24c3bb0bc0efa5a37e19fb3d737af468862223c60b6e
SSDEEP

384:9hF6VogOxpjamJoww60CCdUiSA/Xf8ygIJx7ShE:rES9jDql7XZgIum

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2044	rundll32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\aksuser.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\aksuser.dll	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e00c9711bed2817a339f2f31331aff228890741a92bcc55dfe29cb2cc4d0ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e00c9711bed2817a339f2f31331aff228890741a92bcc55dfe29cb2cc4d0ef.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:2044

\Windows\SysWOW64\aksuser.dll

Filesize
4KB

MD5
9c67f6bbda3881cfd02095160cf91576

SHA1
80de7475e91692dc5bead2cac98f74c1073cd93e

SHA256
6ce97c6f0ad8be183de935a7aab7d46821e8de9e55a4bff54acb49d056826a94

SHA512
eebbd6d0d4f50fbb8ee9e9a7976d06fb6796cce657187c8a1254ca1cf5040ec39cc5b4faed6a8bf79d38e051c9de46b87c38e2318704ae4bef2c2a50e06004d2

Download Submit
memory/2044-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download