cb240a35ea3689b8d26ad881c3aefd817ca3f37db8a7158dea41459712a105a3

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
18-11-2023 03:41

Target

cb240a35ea3689b8d26ad881c3aefd817ca3f37db8a7158dea41459712a105a3.dll
Size

51KB
MD5

0e50ff0218248bd9bbad8121dda27c04
SHA1

702d65eebfa3d0b9cd85efeef2858342ac5af8f3
SHA256

cb240a35ea3689b8d26ad881c3aefd817ca3f37db8a7158dea41459712a105a3
SHA512

cb5f658f68f45605183fbe1a0c1bb9633ba994284d9e244d88d849cd1265914f8c9e5e869b46479a813bc2ffe9f568b4a61851ada23bc335aae0b65779f3fb7a
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLvJYH5:1dWubF3n9S91BF3fborJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2588	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2588	2780	rundll32.exe	28
PID 2780 wrote to memory of 2588	2780	rundll32.exe	28
PID 2780 wrote to memory of 2588	2780	rundll32.exe	28
PID 2780 wrote to memory of 2588	2780	rundll32.exe	28
PID 2780 wrote to memory of 2588	2780	rundll32.exe	28
PID 2780 wrote to memory of 2588	2780	rundll32.exe	28
PID 2780 wrote to memory of 2588	2780	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb240a35ea3689b8d26ad881c3aefd817ca3f37db8a7158dea41459712a105a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb240a35ea3689b8d26ad881c3aefd817ca3f37db8a7158dea41459712a105a3.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2588