0aa0d7134a663076c36943bfd468d68c3e7b7b716af2d8c8c05955d86b5127e4

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
25/08/2023, 09:06

Target

0aa0d7134a663076c36943bfd468d68c3e7b7b716af2d8c8c05955d86b5127e4.dll
Size

51KB
MD5

370e6bb0256641f2a3a4b54766bc87e4
SHA1

29b4bf6f54a93a3e3f724e901255b684ac8593cb
SHA256

0aa0d7134a663076c36943bfd468d68c3e7b7b716af2d8c8c05955d86b5127e4
SHA512

2d747790ad6d29f607bd4cd2d68cc4e97d30dc0268c11f79feccdec5639db6fc74c9ab32632c114bfa09b5ec6c531446207769f95aa86079de2538868951be1a
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLvJYH5:1dWubF3n9S91BF3fboLJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1960	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1960	2040	rundll32.exe	28
PID 2040 wrote to memory of 1960	2040	rundll32.exe	28
PID 2040 wrote to memory of 1960	2040	rundll32.exe	28
PID 2040 wrote to memory of 1960	2040	rundll32.exe	28
PID 2040 wrote to memory of 1960	2040	rundll32.exe	28
PID 2040 wrote to memory of 1960	2040	rundll32.exe	28
PID 2040 wrote to memory of 1960	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0aa0d7134a663076c36943bfd468d68c3e7b7b716af2d8c8c05955d86b5127e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0aa0d7134a663076c36943bfd468d68c3e7b7b716af2d8c8c05955d86b5127e4.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1960