8ff38cc35e3fe088c537565af4e30c456eabe6ca2eb9fc01f3b48d75577e2ea6

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 00:03

Target

8ff38cc35e3fe088c537565af4e30c456eabe6ca2eb9fc01f3b48d75577e2ea6.dll
Size

50KB
MD5

139bec0ea2e4447c759c03c28fbe01a1
SHA1

0fcfca3aae7e518c67663a4f701893500b6ad7e8
SHA256

8ff38cc35e3fe088c537565af4e30c456eabe6ca2eb9fc01f3b48d75577e2ea6
SHA512

15e7b35b7c36789acdcb236bc91dadd044b116a6d52588d858e23b393b495257c33acaeeae21394b12e9b701369f12f8d58129e5702d27d240523fe32e35fd1b
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5sJYH:W5ReWjTrW9rNPgYoOJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1760	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1760	2216	rundll32.exe	28
PID 2216 wrote to memory of 1760	2216	rundll32.exe	28
PID 2216 wrote to memory of 1760	2216	rundll32.exe	28
PID 2216 wrote to memory of 1760	2216	rundll32.exe	28
PID 2216 wrote to memory of 1760	2216	rundll32.exe	28
PID 2216 wrote to memory of 1760	2216	rundll32.exe	28
PID 2216 wrote to memory of 1760	2216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ff38cc35e3fe088c537565af4e30c456eabe6ca2eb9fc01f3b48d75577e2ea6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ff38cc35e3fe088c537565af4e30c456eabe6ca2eb9fc01f3b48d75577e2ea6.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1760