d5ec06388fafba2948ad6a353f84292e3cc5cc41d411f7e6c4f4a5b184a0e19d

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22-08-2023 23:00

Target

d5ec06388fafba2948ad6a353f84292e3cc5cc41d411f7e6c4f4a5b184a0e19d.dll
Size

51KB
MD5

6179bb11c16d351ae7dc9d59ab5c1306
SHA1

fd113327301627524d49e94e88f5bcf627bda94e
SHA256

d5ec06388fafba2948ad6a353f84292e3cc5cc41d411f7e6c4f4a5b184a0e19d
SHA512

e2e46b02d9fd368b10b7d7bfde95165ad76b30f7ed0a9c4c16eff08f313c175dd168c2c7e08f9be8ea121cdb5ed665f0cc2e59cc043ab8c8e44494bbf243301f
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezGsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBlpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2428	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2428	2400	rundll32.exe	29
PID 2400 wrote to memory of 2428	2400	rundll32.exe	29
PID 2400 wrote to memory of 2428	2400	rundll32.exe	29
PID 2400 wrote to memory of 2428	2400	rundll32.exe	29
PID 2400 wrote to memory of 2428	2400	rundll32.exe	29
PID 2400 wrote to memory of 2428	2400	rundll32.exe	29
PID 2400 wrote to memory of 2428	2400	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5ec06388fafba2948ad6a353f84292e3cc5cc41d411f7e6c4f4a5b184a0e19d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5ec06388fafba2948ad6a353f84292e3cc5cc41d411f7e6c4f4a5b184a0e19d.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2428