6a4a2da2a488b04528aa76b218ec0eb9c0fa142ba6a78507cb5ffd3c0f526923

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/08/2023, 23:07

Target

6a4a2da2a488b04528aa76b218ec0eb9c0fa142ba6a78507cb5ffd3c0f526923.dll
Size

51KB
MD5

4b76f08ee020beea17c63e33ac885605
SHA1

fc42014d088174437c61807c65be4c3397aa54d8
SHA256

6a4a2da2a488b04528aa76b218ec0eb9c0fa142ba6a78507cb5ffd3c0f526923
SHA512

72cb2885d4032263585536afb45b5dc59761adea4ede7f5b7de0d09798f20d590bebe032c3bff26d7e88cf290d43c69b5e7793d15ed69cea617cd2b4bdc28412
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL+UJYH5:1dWubF3n9S91BF3fboHJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2148	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2148	1880	rundll32.exe	28
PID 1880 wrote to memory of 2148	1880	rundll32.exe	28
PID 1880 wrote to memory of 2148	1880	rundll32.exe	28
PID 1880 wrote to memory of 2148	1880	rundll32.exe	28
PID 1880 wrote to memory of 2148	1880	rundll32.exe	28
PID 1880 wrote to memory of 2148	1880	rundll32.exe	28
PID 1880 wrote to memory of 2148	1880	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a4a2da2a488b04528aa76b218ec0eb9c0fa142ba6a78507cb5ffd3c0f526923.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a4a2da2a488b04528aa76b218ec0eb9c0fa142ba6a78507cb5ffd3c0f526923.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2148