0c9e20d4fcd67e0986e8c09258a1ddc7046403c5f98d432623888ad38d45620c

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 18:09

Target

0c9e20d4fcd67e0986e8c09258a1ddc7046403c5f98d432623888ad38d45620c.dll
Size

51KB
MD5

5d618fafe224d932e2f5ff550f326b0a
SHA1

7b0ef40d75e470fe847ab76224e31a838fd182a2
SHA256

0c9e20d4fcd67e0986e8c09258a1ddc7046403c5f98d432623888ad38d45620c
SHA512

c8c6df6d78d62bc9cd5c35c5a62125c1909f28cc79d4bc0c9d5287353ef1d771d22e8d1086bee4989a7d2ca14019e8708130f48ae73801b9f869494e44933fee
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLEJYH5:1dWubF3n9S91BF3fboAJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2944	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2944	2972	rundll32.exe	27
PID 2972 wrote to memory of 2944	2972	rundll32.exe	27
PID 2972 wrote to memory of 2944	2972	rundll32.exe	27
PID 2972 wrote to memory of 2944	2972	rundll32.exe	27
PID 2972 wrote to memory of 2944	2972	rundll32.exe	27
PID 2972 wrote to memory of 2944	2972	rundll32.exe	27
PID 2972 wrote to memory of 2944	2972	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c9e20d4fcd67e0986e8c09258a1ddc7046403c5f98d432623888ad38d45620c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c9e20d4fcd67e0986e8c09258a1ddc7046403c5f98d432623888ad38d45620c.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2944