b7461bb1256e2ad9925456f9d2cb2606f8d2ffc9c92cb449001a671bbe74b72b

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 22:10

Target

b7461bb1256e2ad9925456f9d2cb2606f8d2ffc9c92cb449001a671bbe74b72b.dll
Size

51KB
MD5

f95242f67361c0e055fd0a4fec620817
SHA1

2a69ce4a3d7a0e99fb4dd2eb6ca875aacb5e8dce
SHA256

b7461bb1256e2ad9925456f9d2cb2606f8d2ffc9c92cb449001a671bbe74b72b
SHA512

11ddebe8eb4685aaa100b52387b39784eb1b301b1bc5160bef31fd5207093f845895decfe8ff609334a8f1ba10ac2af062b4b0e38b7bdca378a8137122c99ff2
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLXJYH5:1dWubF3n9S91BF3fborJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1540	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7461bb1256e2ad9925456f9d2cb2606f8d2ffc9c92cb449001a671bbe74b72b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7461bb1256e2ad9925456f9d2cb2606f8d2ffc9c92cb449001a671bbe74b72b.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1540