71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1

Analysis

max time kernel
120s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 20:47

Target

71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll
Size

899KB
MD5

4056ff52fc3297465ecfab806e5802f5
SHA1

92d139b4a58c3a26f4c850552a6547a55a1f880e
SHA256

71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1
SHA512

5627539c915f151b64bc34e96584cf1319546f26b26bef50730a2686bf4722cda84f937c1624dbaaa775ae684f905d138c5b066d52c8a0da79782f20d781251f
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX+:7wqd87V+

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2660	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2660	2880	rundll32.exe	18
PID 2880 wrote to memory of 2660	2880	rundll32.exe	18
PID 2880 wrote to memory of 2660	2880	rundll32.exe	18
PID 2880 wrote to memory of 2660	2880	rundll32.exe	18
PID 2880 wrote to memory of 2660	2880	rundll32.exe	18
PID 2880 wrote to memory of 2660	2880	rundll32.exe	18
PID 2880 wrote to memory of 2660	2880	rundll32.exe	18

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2660