63caee8501031993bd0d36efb9635fb0410b8396f48fded9c46b41153f5b4977

Analysis

max time kernel
146s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 15:53

Target

3a7a01bfab73207d11837597925eb6f0.dll
Size

876KB
MD5

3a7a01bfab73207d11837597925eb6f0
SHA1

fc1024fb27783fcde824f9b872688ed436c22d5f
SHA256

63caee8501031993bd0d36efb9635fb0410b8396f48fded9c46b41153f5b4977
SHA512

99ceea27c911d36b29e4d16a73240f15bb7ab98c2b8effec05adef8fb81d5084647865d1d8089034441fed81e8720162a5a7e46c8d39eb438f42228963f44140
SSDEEP

24576:GPF3n6MYjlRk95gdOLZa5cNTt4qDRk7adIKxQXJ:GPF3Yn8594qD27addx8

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	2256	rundll32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\2eb8a65fc0.dl	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\2eb8a65fc0.dl	rundll32.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2256	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2256	2540	rundll32.exe	15
PID 2540 wrote to memory of 2256	2540	rundll32.exe	15
PID 2540 wrote to memory of 2256	2540	rundll32.exe	15
PID 2540 wrote to memory of 2256	2540	rundll32.exe	15
PID 2540 wrote to memory of 2256	2540	rundll32.exe	15
PID 2540 wrote to memory of 2256	2540	rundll32.exe	15
PID 2540 wrote to memory of 2256	2540	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a7a01bfab73207d11837597925eb6f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2540

C:\Windows\SysWOW64\2eb8a65fc0.dl

Filesize
22B

MD5
3be870a59d9e79c2024b6ed765939e51

SHA1
7d247f54555ffabe527f5fe748a9865d7840dbb5

SHA256
21d2d999fb73446d222d909e1e6ffddc6488ea8e1dc1755b195a085cfa9ced95

SHA512
94ac9f3d928f1e92229b441435a9c6f2b1e16de1cc2496c3e7ff9c532d928ef1babdc6cc2d3ec0f70ab75414bc6b7e5c5a37b5f0e9fb006ffca5d579fcc9fa6e

Download Submit
memory/2256-0-0x0000000000840000-0x0000000000921000-memory.dmp

Filesize
900KB

Download