b4a67009e8d652bf149858503f8b1f21d203d8aae3aff6f733d5f0252bd357d0

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28-08-2023 01:22

Target

b4a67009e8d652bf149858503f8b1f21d203d8aae3aff6f733d5f0252bd357d0.dll
Size

50KB
MD5

58cf11ea92324dde7cb6e62adff4376c
SHA1

3a7df6e547665cab3fdf245a2cb865348646b60e
SHA256

b4a67009e8d652bf149858503f8b1f21d203d8aae3aff6f733d5f0252bd357d0
SHA512

a5763a20c39e10a5caa59e7c899effbac6ea5a0188aaf5ed4495589ff879c92ed67e550b6533e4429d46fc9ffca839cb510c76c0653747db0e404b6e9d9ad167
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5AJYH:W5ReWjTrW9rNPgYouJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1756	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1756	2312	rundll32.exe	28
PID 2312 wrote to memory of 1756	2312	rundll32.exe	28
PID 2312 wrote to memory of 1756	2312	rundll32.exe	28
PID 2312 wrote to memory of 1756	2312	rundll32.exe	28
PID 2312 wrote to memory of 1756	2312	rundll32.exe	28
PID 2312 wrote to memory of 1756	2312	rundll32.exe	28
PID 2312 wrote to memory of 1756	2312	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4a67009e8d652bf149858503f8b1f21d203d8aae3aff6f733d5f0252bd357d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4a67009e8d652bf149858503f8b1f21d203d8aae3aff6f733d5f0252bd357d0.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1756