aab5cc96e141b4bfe913ebea5ac5bdbf4253085a79df00640c7f79bb15246fe3

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 13:41

Target

aab5cc96e141b4bfe913ebea5ac5bdbf4253085a79df00640c7f79bb15246fe3.dll
Size

899KB
MD5

92f862b39eca2af0b4c9fae1be3c16dc
SHA1

78bee38b43cb16abb35f1365f62ffeca95037307
SHA256

aab5cc96e141b4bfe913ebea5ac5bdbf4253085a79df00640c7f79bb15246fe3
SHA512

1b42752dc2af10dcfa9a7ca39c2e168cb87193ca9069af746cfea06007d236e7650975fe3f1a1e46bd3e31f51ef475a6c10c2a69f29dc6b561583f4d766c19f2
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXH:7wqd87VH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2252	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2252	1876	rundll32.exe	28
PID 1876 wrote to memory of 2252	1876	rundll32.exe	28
PID 1876 wrote to memory of 2252	1876	rundll32.exe	28
PID 1876 wrote to memory of 2252	1876	rundll32.exe	28
PID 1876 wrote to memory of 2252	1876	rundll32.exe	28
PID 1876 wrote to memory of 2252	1876	rundll32.exe	28
PID 1876 wrote to memory of 2252	1876	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aab5cc96e141b4bfe913ebea5ac5bdbf4253085a79df00640c7f79bb15246fe3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aab5cc96e141b4bfe913ebea5ac5bdbf4253085a79df00640c7f79bb15246fe3.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2252