fd54ef6c211c108e269ba00dfa0f5b82ed6558e11db57f75b34a82ebbe92d853

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 23:31

Target

fd54ef6c211c108e269ba00dfa0f5b82ed6558e11db57f75b34a82ebbe92d853.dll
Size

899KB
MD5

85b649afc7b177711393ad9574b62362
SHA1

3d344a2c20a1d8a448b6eaa4e4b7f181dc5579b8
SHA256

fd54ef6c211c108e269ba00dfa0f5b82ed6558e11db57f75b34a82ebbe92d853
SHA512

4eaa34c22c91a04d8f145a90e4efd8264b35f98ecda503edd85fe6bb7e72c74d973d7e02e04bf45e8f88a7ac16a13c585391700879fc7687eb0d9da289a1e2df
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXo:7wqd87Vo

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1756	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd54ef6c211c108e269ba00dfa0f5b82ed6558e11db57f75b34a82ebbe92d853.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd54ef6c211c108e269ba00dfa0f5b82ed6558e11db57f75b34a82ebbe92d853.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1756