054eec64aed83ab9e5a0669eb80b7f3b1adff63a9ac169c6e25d4ba0c8e57f97

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
24/11/2023, 06:58

Target

054eec64aed83ab9e5a0669eb80b7f3b1adff63a9ac169c6e25d4ba0c8e57f97.dll
Size

899KB
MD5

0fda9c6b522cf7343e59166b0b6dbccf
SHA1

afcfcaf7c4c7e8d88fe2d1e24701694cbc503a1b
SHA256

054eec64aed83ab9e5a0669eb80b7f3b1adff63a9ac169c6e25d4ba0c8e57f97
SHA512

878340c241076fd1880383af1d0946a0df306e72c768919e22cca943a5eecbd47da6d1168172243b760cdba4ba34cd6180fab02b5706ae1a8aab8018581b11f4
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXT:7wqd87VT

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2112	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2112	1696	rundll32.exe	28
PID 1696 wrote to memory of 2112	1696	rundll32.exe	28
PID 1696 wrote to memory of 2112	1696	rundll32.exe	28
PID 1696 wrote to memory of 2112	1696	rundll32.exe	28
PID 1696 wrote to memory of 2112	1696	rundll32.exe	28
PID 1696 wrote to memory of 2112	1696	rundll32.exe	28
PID 1696 wrote to memory of 2112	1696	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\054eec64aed83ab9e5a0669eb80b7f3b1adff63a9ac169c6e25d4ba0c8e57f97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\054eec64aed83ab9e5a0669eb80b7f3b1adff63a9ac169c6e25d4ba0c8e57f97.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2112