e41082dbd3600dcccb78678d5eda2ff204ac48c2609d07edf0c635190439dbf9

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 11:15

Target

677c1fcef907bdfa69259febf7d438f4.dll
Size

216KB
MD5

677c1fcef907bdfa69259febf7d438f4
SHA1

dc8cda17b47f5d0824d87116ab9cab7a6f229303
SHA256

e41082dbd3600dcccb78678d5eda2ff204ac48c2609d07edf0c635190439dbf9
SHA512

7fee8301974157ade6a4acc32e21a40ad6e19f6cf72c0632badaa78a843287d17af19614946f8a5ae4476cd6eb8e10c89aec132e3c0dac99121f874b53777dc7
SSDEEP

3072:TQ+D2mDLtVtO/kHlKXte1hnxwrtjxzcLsvQ2o0voF16/RdvnlyIHT4qtB1hnUthK:k+DRDP2kFGzcLmvoF16/ByIHcLK

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\wdmaud.drv	rundll32.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1708	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 1708	2328	rundll32.exe	28
PID 2328 wrote to memory of 1708	2328	rundll32.exe	28
PID 2328 wrote to memory of 1708	2328	rundll32.exe	28
PID 2328 wrote to memory of 1708	2328	rundll32.exe	28
PID 2328 wrote to memory of 1708	2328	rundll32.exe	28
PID 2328 wrote to memory of 1708	2328	rundll32.exe	28
PID 2328 wrote to memory of 1708	2328	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\677c1fcef907bdfa69259febf7d438f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\677c1fcef907bdfa69259febf7d438f4.dll,#1
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  PID:1708