be9cef5dfb070b1d81a019f5a8a3df0b66efe4eb3a45da21c2165517986df55e

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 01:42

Target

be9cef5dfb070b1d81a019f5a8a3df0b66efe4eb3a45da21c2165517986df55e.dll
Size

51KB
MD5

923db6d1ea7d2d9bd34ac9741f26bad4
SHA1

16aa745b3e0dbcc3b7bc866bf413161f9b878270
SHA256

be9cef5dfb070b1d81a019f5a8a3df0b66efe4eb3a45da21c2165517986df55e
SHA512

885ba473c64e522ccb63917a233472ed3e9cc8ae8a0ae88920221af686270c345ec64de1ae3389c73f1ee7e6a1ec11ab76d003a8563da597de8034fb26487b3e
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLWJYH5:1dWubF3n9S91BF3fboaJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2692	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2692	1540	rundll32.exe	28
PID 1540 wrote to memory of 2692	1540	rundll32.exe	28
PID 1540 wrote to memory of 2692	1540	rundll32.exe	28
PID 1540 wrote to memory of 2692	1540	rundll32.exe	28
PID 1540 wrote to memory of 2692	1540	rundll32.exe	28
PID 1540 wrote to memory of 2692	1540	rundll32.exe	28
PID 1540 wrote to memory of 2692	1540	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be9cef5dfb070b1d81a019f5a8a3df0b66efe4eb3a45da21c2165517986df55e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\be9cef5dfb070b1d81a019f5a8a3df0b66efe4eb3a45da21c2165517986df55e.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2692