2a881ff078304a2a98252089ab98fff824b48f881abaf1e1b6b7f7275bf1c435

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 16:50

Target

7011ae4985c7303d1c82dabe71d629a3.dll
Size

698KB
MD5

7011ae4985c7303d1c82dabe71d629a3
SHA1

8db0358cf28db3387b59bee567b8aeac5b606b8f
SHA256

2a881ff078304a2a98252089ab98fff824b48f881abaf1e1b6b7f7275bf1c435
SHA512

e650dd0b18b77e94f090fe5179c625335d59653b37d8f531dd9cd88ca6200c91e01ccde55873e0659a07a24fe2af6b4523d331744af04cf9f84da7c84fd16157
SSDEEP

12288:tTGQB++8fP9T8ONWnCrkRB5yCU8SQ1K8Ph1tBLfN64GIl4bp:xQ+Q9T8ONWnCrkRB5yCkq1tBrN63Iab

Score

1^/10

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BFA0.FieldListCtrl.1\	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BFA0.FieldListCtrl.1\DefaultIcon	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7011ae4985c7303d1c82dabe71d629a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7011ae4985c7303d1c82dabe71d629a3.dll,#1
  2⤵
  - Modifies registry class
  PID:2132

memory/2132-0-0x0000000065B40000-0x0000000065BF8000-memory.dmp

Filesize
736KB

Download