dfa0fae9ea9fe60dee13a6c42d0f27d2eb57460fb6bb0020c9d4fab439449c86

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:19

Target

dfa0fae9ea9fe60dee13a6c42d0f27d2eb57460fb6bb0020c9d4fab439449c86.dll
Size

51KB
MD5

12c111b4b97266d894083e721509d9a5
SHA1

48c6d8343273aed9450bdd0072ea32c54dedab39
SHA256

dfa0fae9ea9fe60dee13a6c42d0f27d2eb57460fb6bb0020c9d4fab439449c86
SHA512

4f6ad8d36feed4db9417c1b19b2b5220fd4aeea9a9a8f9dd7cdf917a90a9c0f1e94229a86910100560b825e3045d6428823918d62463aa8954e4569c7ece459f
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL9JYH5:1dWubF3n9S91BF3fboRJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2376	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2376	2296	rundll32.exe	28
PID 2296 wrote to memory of 2376	2296	rundll32.exe	28
PID 2296 wrote to memory of 2376	2296	rundll32.exe	28
PID 2296 wrote to memory of 2376	2296	rundll32.exe	28
PID 2296 wrote to memory of 2376	2296	rundll32.exe	28
PID 2296 wrote to memory of 2376	2296	rundll32.exe	28
PID 2296 wrote to memory of 2376	2296	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfa0fae9ea9fe60dee13a6c42d0f27d2eb57460fb6bb0020c9d4fab439449c86.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfa0fae9ea9fe60dee13a6c42d0f27d2eb57460fb6bb0020c9d4fab439449c86.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2376