18e2bae40cd44acc5a7418915ffcfe43ab016fb2eeb58d4e9536cd1e994a88f9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:02

Target

750a1c183ebf56b66ac1f0593937a515.dll
Size

20KB
MD5

750a1c183ebf56b66ac1f0593937a515
SHA1

593b08a23f9f099fac6c80f447be052c78561de5
SHA256

18e2bae40cd44acc5a7418915ffcfe43ab016fb2eeb58d4e9536cd1e994a88f9
SHA512

3df36d01db78ceed5f427eb0b301997f7fdcea85bc47e300b5cec237088943d8f187fae403e09b888a21db35c721b524e197ce5c7a353c42f500d0002fccb59e
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0XplTCAu8UaWHuqaTlX0wG:zfYh2oCtpXPTx2OqaewG

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

rundll32.exe

pid process

2668 rundll32.exe

pid	process
2668	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3068 wrote to memory of 2668	3068	rundll32.exe	rundll32.exe
PID 3068 wrote to memory of 2668	3068	rundll32.exe	rundll32.exe
PID 3068 wrote to memory of 2668	3068	rundll32.exe	rundll32.exe
PID 3068 wrote to memory of 2668	3068	rundll32.exe	rundll32.exe
PID 3068 wrote to memory of 2668	3068	rundll32.exe	rundll32.exe
PID 3068 wrote to memory of 2668	3068	rundll32.exe	rundll32.exe
PID 3068 wrote to memory of 2668	3068	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\750a1c183ebf56b66ac1f0593937a515.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\750a1c183ebf56b66ac1f0593937a515.dll,#1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2668