bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8

Analysis

max time kernel
127s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 23:22

Target

bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8.dll
Size

899KB
MD5

4b842326be862951ec0a9fa8113b9938
SHA1

0da98885a072d500c43b2f8c50e658f403e0421f
SHA256

bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8
SHA512

0385125fbe0e285745be7a6c490d0e887d8d5689368c76f6d6e92b44fb6bac2a28c04314a709a95f68ac880aa4ddd2539d8163aa7c2027e59dd00cfa26b42b1f
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX9:7wqd87V9

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1224	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 1224	1300	rundll32.exe	28
PID 1300 wrote to memory of 1224	1300	rundll32.exe	28
PID 1300 wrote to memory of 1224	1300	rundll32.exe	28
PID 1300 wrote to memory of 1224	1300	rundll32.exe	28
PID 1300 wrote to memory of 1224	1300	rundll32.exe	28
PID 1300 wrote to memory of 1224	1300	rundll32.exe	28
PID 1300 wrote to memory of 1224	1300	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1224