9d0458aab62b79b54ca105b9af0030c17ad8bcfdbb7a06a3679437f9c17d2092

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
26/08/2023, 13:48

Target

9d0458aab62b79b54ca105b9af0030c17ad8bcfdbb7a06a3679437f9c17d2092.dll
Size

50KB
MD5

577abb4a8bef8ac767e31dc6d161f55a
SHA1

8df0062f0ee8cbceda034c5149f6f5d145072a04
SHA256

9d0458aab62b79b54ca105b9af0030c17ad8bcfdbb7a06a3679437f9c17d2092
SHA512

eb0800ef68b7a557e6d68e58b1191e972778a1ec6c66bd1828b98150624be2a53da60f8da54b64fc726178210294f82b52c16166b380c9019d0aa9ad5cc70f0d
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5OJYH:W5ReWjTrW9rNPgYooJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2484	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2484	2460	rundll32.exe	28
PID 2460 wrote to memory of 2484	2460	rundll32.exe	28
PID 2460 wrote to memory of 2484	2460	rundll32.exe	28
PID 2460 wrote to memory of 2484	2460	rundll32.exe	28
PID 2460 wrote to memory of 2484	2460	rundll32.exe	28
PID 2460 wrote to memory of 2484	2460	rundll32.exe	28
PID 2460 wrote to memory of 2484	2460	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d0458aab62b79b54ca105b9af0030c17ad8bcfdbb7a06a3679437f9c17d2092.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d0458aab62b79b54ca105b9af0030c17ad8bcfdbb7a06a3679437f9c17d2092.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2484