9c6118b6b573b60bd7193b2553b60c57812ab4588a7be901d549fa8c761dd51c

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 15:07

Target

9c6118b6b573b60bd7193b2553b60c57812ab4588a7be901d549fa8c761dd51c.dll
Size

50KB
MD5

5b806135067c8b7b595122068f4852f3
SHA1

f8baebbb5f245659f417e106c57fdd026ce34588
SHA256

9c6118b6b573b60bd7193b2553b60c57812ab4588a7be901d549fa8c761dd51c
SHA512

353d48d3fd0dd4b038b6203ada3f2a9a7bb20821320142df55a1fe56f202a7b95e1fd6a1a9ab1eccd3ae03f440028a473218ce6bb27f46868b49ee7d8672a25e
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5uJYH:W5ReWjTrW9rNPgYoIJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2136	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 2136	640	rundll32.exe	28
PID 640 wrote to memory of 2136	640	rundll32.exe	28
PID 640 wrote to memory of 2136	640	rundll32.exe	28
PID 640 wrote to memory of 2136	640	rundll32.exe	28
PID 640 wrote to memory of 2136	640	rundll32.exe	28
PID 640 wrote to memory of 2136	640	rundll32.exe	28
PID 640 wrote to memory of 2136	640	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c6118b6b573b60bd7193b2553b60c57812ab4588a7be901d549fa8c761dd51c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c6118b6b573b60bd7193b2553b60c57812ab4588a7be901d549fa8c761dd51c.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2136