0f20cba24057d513019003126999cdeea3c81b9ee06aec5d3dad95d4c7cff3a8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 21:48

Target

0f20cba24057d513019003126999cdeea3c81b9ee06aec5d3dad95d4c7cff3a8.dll
Size

51KB
MD5

329c4e66bb9620a4ef6b24a0243ba527
SHA1

ed0819b46b4b63554c9f0704e489d554b418dce2
SHA256

0f20cba24057d513019003126999cdeea3c81b9ee06aec5d3dad95d4c7cff3a8
SHA512

95af25017255666d97049487b53354c8417b48b08a3d305163b3ad6d5978dcbab6d1147ebf302b25e4d56a299171271ccff7aeb823c12dbc4d8b3d50670a95cc
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLfJYH5:1dWubF3n9S91BF3fbo7JYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2184	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2184	2084	rundll32.exe	28
PID 2084 wrote to memory of 2184	2084	rundll32.exe	28
PID 2084 wrote to memory of 2184	2084	rundll32.exe	28
PID 2084 wrote to memory of 2184	2084	rundll32.exe	28
PID 2084 wrote to memory of 2184	2084	rundll32.exe	28
PID 2084 wrote to memory of 2184	2084	rundll32.exe	28
PID 2084 wrote to memory of 2184	2084	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f20cba24057d513019003126999cdeea3c81b9ee06aec5d3dad95d4c7cff3a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f20cba24057d513019003126999cdeea3c81b9ee06aec5d3dad95d4c7cff3a8.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2184