ffc05695bb7ec54427c2a47a87be83fb229aedf026daf7270e2135ca4c0b9da6

Analysis

max time kernel
127s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22/08/2023, 22:55

Target

ffc05695bb7ec54427c2a47a87be83fb229aedf026daf7270e2135ca4c0b9da6.dll
Size

51KB
MD5

cb0b23bbe21ca4c3d2812145638ebb94
SHA1

a9b73fa133581607702f28c210e6441536d055dd
SHA256

ffc05695bb7ec54427c2a47a87be83fb229aedf026daf7270e2135ca4c0b9da6
SHA512

ec1628019c7c234b8a0075ed27f95c83418a3b8e10cf7bd71870c13c9750e54d39ea652ee4bf41ee8a008650c1a4ed5d0b15d56037e5094a1743ca90568b3d31
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL+qJYH5:1dWubF3n9S91BF3fboxJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2780	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2780	2660	rundll32.exe	28
PID 2660 wrote to memory of 2780	2660	rundll32.exe	28
PID 2660 wrote to memory of 2780	2660	rundll32.exe	28
PID 2660 wrote to memory of 2780	2660	rundll32.exe	28
PID 2660 wrote to memory of 2780	2660	rundll32.exe	28
PID 2660 wrote to memory of 2780	2660	rundll32.exe	28
PID 2660 wrote to memory of 2780	2660	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffc05695bb7ec54427c2a47a87be83fb229aedf026daf7270e2135ca4c0b9da6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffc05695bb7ec54427c2a47a87be83fb229aedf026daf7270e2135ca4c0b9da6.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2780