01ec974abd242dff19070e49105700e34fbae97c21759f7b09bb2b217a956643

Analysis

max time kernel
118s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:49

Target

06188decb95a1e5bc4105347abd95d80.dll
Size

35KB
MD5

06188decb95a1e5bc4105347abd95d80
SHA1

cfadff6809a09dce1d634a7ea9943245b7a4eea5
SHA256

01ec974abd242dff19070e49105700e34fbae97c21759f7b09bb2b217a956643
SHA512

b1ddee54aa473d37693a3fe71cd5de94eaf0919afdf227afb76bba0da5d86075ce30cd2ea3677bad6076d94d9b8b5b9a5eb438923fa427c6dfedbdf2cc5ab374
SSDEEP

768:DbWoNO4V2o6I4Iz1/ija+1IK9j8BhX0ALoUY+vRYOpBlMRTtPQFeBGRRuY:D9FWob2UY+vKOpBlGTZkak

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2092	rundll32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2092	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2092	2492	rundll32.exe	17
PID 2492 wrote to memory of 2092	2492	rundll32.exe	17
PID 2492 wrote to memory of 2092	2492	rundll32.exe	17
PID 2492 wrote to memory of 2092	2492	rundll32.exe	17
PID 2492 wrote to memory of 2092	2492	rundll32.exe	17
PID 2492 wrote to memory of 2092	2492	rundll32.exe	17
PID 2492 wrote to memory of 2092	2492	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06188decb95a1e5bc4105347abd95d80.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06188decb95a1e5bc4105347abd95d80.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2092

memory/2092-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download