e324888743d9749e329c932c58eff2db7cc846a31dde585cc96957f2ed915913

Analysis

max time kernel
133s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 20:46

Target

039008d4bd8a6f81ab093436b6c716be.dll
Size

942KB
MD5

039008d4bd8a6f81ab093436b6c716be
SHA1

cdc1b0f104de9747cb4dbf723ff91a995bfbbe68
SHA256

e324888743d9749e329c932c58eff2db7cc846a31dde585cc96957f2ed915913
SHA512

31203fdff579ebef2b67c923bf8b5a035e66d059c07c52632769417ecc82cf8d5761c47445f75e7345375d233c371f8a0fc337decd3f1a303cdec1a9f65407cc
SSDEEP

24576:y0HIDVv5btGoZa3YadzOIuVV5wxh/ZwJUi:foDVv5btGoZ2HOwxhxu

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
6	2152	rundll32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\fa62a86eea.dl	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\fa62a86eea.dl	rundll32.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2152	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2152	2416	rundll32.exe	28
PID 2416 wrote to memory of 2152	2416	rundll32.exe	28
PID 2416 wrote to memory of 2152	2416	rundll32.exe	28
PID 2416 wrote to memory of 2152	2416	rundll32.exe	28
PID 2416 wrote to memory of 2152	2416	rundll32.exe	28
PID 2416 wrote to memory of 2152	2416	rundll32.exe	28
PID 2416 wrote to memory of 2152	2416	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\039008d4bd8a6f81ab093436b6c716be.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\039008d4bd8a6f81ab093436b6c716be.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Drops file in System32 directory
  - Suspicious behavior: RenamesItself
  PID:2152

C:\Windows\SysWOW64\fa62a86eea.dl

Filesize
34B

MD5
c3ce9efeea02e5770c7c03b5e5b9c8ca

SHA1
0e9b5cbd8ecadee39c45cb6d8bbce571538cf956

SHA256
d4e6951c606149e945ded4b7db157512b571dfc39b9b846dbdc05844356ce3aa

SHA512
22cfdc676d2f341ec2578967209055c3983d8077a20c0b71a04e1c837f0769c433fa5e074f37b0a6b248bd680d0a4ff0b8899a9beea030e0d67cfef2db79298f

Download Submit
memory/2152-0-0x0000000000770000-0x0000000000862000-memory.dmp

Filesize
968KB

Download