8379be3851c3841ed12c9800b1ff5b110ecc1acf760fe1f7e7cedd9311af381b

Analysis

max time kernel
136s
max time network
28s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 13:19

Target

8379be3851c3841ed12c9800b1ff5b110ecc1acf760fe1f7e7cedd9311af381b.dll
Size

899KB
MD5

c76d0a8c024d2fe405cb79fa79d75a2e
SHA1

9b78a0c7434424dadcea160fbca252df910bb5be
SHA256

8379be3851c3841ed12c9800b1ff5b110ecc1acf760fe1f7e7cedd9311af381b
SHA512

54ddb3584ab4f0ffe6586dd276f760d4dec4b184af6c4f559bda9f25ee5d51dac3f9820b662fe1e3caacdc918db6b62c903a63b238668bba448398431e281958
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXz:7wqd87Vz

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2568	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2568	1712	rundll32.exe	29
PID 1712 wrote to memory of 2568	1712	rundll32.exe	29
PID 1712 wrote to memory of 2568	1712	rundll32.exe	29
PID 1712 wrote to memory of 2568	1712	rundll32.exe	29
PID 1712 wrote to memory of 2568	1712	rundll32.exe	29
PID 1712 wrote to memory of 2568	1712	rundll32.exe	29
PID 1712 wrote to memory of 2568	1712	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8379be3851c3841ed12c9800b1ff5b110ecc1acf760fe1f7e7cedd9311af381b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8379be3851c3841ed12c9800b1ff5b110ecc1acf760fe1f7e7cedd9311af381b.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2568