f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 22:50

Target

f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll
Size

51KB
MD5

92f91ad431461b938ada8d26fbe706e2
SHA1

727654cd7861792cb8589f8ac024279270d2cff6
SHA256

f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f
SHA512

1c483eecbf8bf805243037e38c934ea5bc79d73bc2eab9e95226f55f6e9b286faba3b7281515e89e17e3bde0dc9510351452d48824739f5e94b8bdc6d58ed0d2
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLdJYH5:1dWubF3n9S91BF3fboJJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2732	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2732	2084	rundll32.exe	28
PID 2084 wrote to memory of 2732	2084	rundll32.exe	28
PID 2084 wrote to memory of 2732	2084	rundll32.exe	28
PID 2084 wrote to memory of 2732	2084	rundll32.exe	28
PID 2084 wrote to memory of 2732	2084	rundll32.exe	28
PID 2084 wrote to memory of 2732	2084	rundll32.exe	28
PID 2084 wrote to memory of 2732	2084	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2732