65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 13:32

Target

65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e.dll
Size

50KB
MD5

65ebafeecef39acc58f3c697c7a860f2
SHA1

a24478edb8f95aed8dcd8a35634ef29eb4f3d70e
SHA256

65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e
SHA512

d6d6ac05e287083d3633d2fbfd490ea74b4325c2627e2189ff837bb4a20591b07011300118b41eac910acc2d2e1308929764e88657acb0cc6f180b3c3dc9607e
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5hJYH:W5ReWjTrW9rNPgYoTJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2760	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 2760	308	rundll32.exe	28
PID 308 wrote to memory of 2760	308	rundll32.exe	28
PID 308 wrote to memory of 2760	308	rundll32.exe	28
PID 308 wrote to memory of 2760	308	rundll32.exe	28
PID 308 wrote to memory of 2760	308	rundll32.exe	28
PID 308 wrote to memory of 2760	308	rundll32.exe	28
PID 308 wrote to memory of 2760	308	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2760