aff6e989cf5608693a23ee6f4c02499cd4889d80373f15628d876f39c2f58ba8

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 00:03

Target

aff6e989cf5608693a23ee6f4c02499cd4889d80373f15628d876f39c2f58ba8.dll
Size

50KB
MD5

91fa19099a6154ef55f5a801757b0e13
SHA1

3f092cb5ca6ceb032c862fc13c92ddbcf1673a8b
SHA256

aff6e989cf5608693a23ee6f4c02499cd4889d80373f15628d876f39c2f58ba8
SHA512

93115bfe90317698d0b795eeefb1dcc8da298a0b620c78ce87d76dca412a2cbfdbc7c08924a2026b8d48242ca7e903ab791dd55625fb843f5495feff0d8237c6
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5RJYH:W5ReWjTrW9rNPgYorJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2372	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2372	2336	rundll32.exe	28
PID 2336 wrote to memory of 2372	2336	rundll32.exe	28
PID 2336 wrote to memory of 2372	2336	rundll32.exe	28
PID 2336 wrote to memory of 2372	2336	rundll32.exe	28
PID 2336 wrote to memory of 2372	2336	rundll32.exe	28
PID 2336 wrote to memory of 2372	2336	rundll32.exe	28
PID 2336 wrote to memory of 2372	2336	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aff6e989cf5608693a23ee6f4c02499cd4889d80373f15628d876f39c2f58ba8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aff6e989cf5608693a23ee6f4c02499cd4889d80373f15628d876f39c2f58ba8.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2372