c9dd941acde9d2d745f938c87fca539199d3782362194aa702a7821aaf2b7afd

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
18/11/2023, 03:57

Target

c9dd941acde9d2d745f938c87fca539199d3782362194aa702a7821aaf2b7afd.dll
Size

899KB
MD5

4572ba2668c92d8da7aaa83b75b3a72f
SHA1

63bfe350fea8f7eb8a9dee7107029a4388f0f755
SHA256

c9dd941acde9d2d745f938c87fca539199d3782362194aa702a7821aaf2b7afd
SHA512

885f77ed3838ea1dcd0e0e1aeea43027bad5a32b09192e659ddfc54f399808cd57a91620ac79138390565d6b83af0088079e9f6e7b4c69f67dcd7ae2c63c8833
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXe:7wqd87Ve

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2028	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2028	2384	rundll32.exe	27
PID 2384 wrote to memory of 2028	2384	rundll32.exe	27
PID 2384 wrote to memory of 2028	2384	rundll32.exe	27
PID 2384 wrote to memory of 2028	2384	rundll32.exe	27
PID 2384 wrote to memory of 2028	2384	rundll32.exe	27
PID 2384 wrote to memory of 2028	2384	rundll32.exe	27
PID 2384 wrote to memory of 2028	2384	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9dd941acde9d2d745f938c87fca539199d3782362194aa702a7821aaf2b7afd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9dd941acde9d2d745f938c87fca539199d3782362194aa702a7821aaf2b7afd.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2028