9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd

Analysis

max time kernel
119s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 23:31

Target

9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd.dll
Size

899KB
MD5

ce041a66a72a51231c3aa0f2d49bab9f
SHA1

0e8a835c9228546ba55c2ca3d23d14d0c8a553aa
SHA256

9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd
SHA512

1d6aea15e6b82ac7348a86b1fd2e72840c315aabb23561fe104262b3dfb52e5a073c4af77b628ef05195187f8334fe6d7b8160e8aa65596fe54d6fa9277c0027
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXu:7wqd87Vu

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2496	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2496	1660	rundll32.exe	28
PID 1660 wrote to memory of 2496	1660	rundll32.exe	28
PID 1660 wrote to memory of 2496	1660	rundll32.exe	28
PID 1660 wrote to memory of 2496	1660	rundll32.exe	28
PID 1660 wrote to memory of 2496	1660	rundll32.exe	28
PID 1660 wrote to memory of 2496	1660	rundll32.exe	28
PID 1660 wrote to memory of 2496	1660	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2496