311c562ae81f0b3fa30ea85d5776dcd548b7b63e3afea3246b0ef2a02b0333c7

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 15:39

Target

311c562ae81f0b3fa30ea85d5776dcd548b7b63e3afea3246b0ef2a02b0333c7.dll
Size

51KB
MD5

c96366010717637c014eb19ab811ee4d
SHA1

33534b77e53681725e6d0d069477d21f151e6887
SHA256

311c562ae81f0b3fa30ea85d5776dcd548b7b63e3afea3246b0ef2a02b0333c7
SHA512

f669cc6a1908eabe6dd64b8a2e1f24f56d804b0bff160b3653d476cdcee4eedbddedc6ef3ab7e5c695edc5f8a814ce208001b02f8ca62cf7c7ebd3a8383f9f42
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLzJYH5:1dWubF3n9S91BF3fbovJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1208	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 1208	2304	rundll32.exe	28
PID 2304 wrote to memory of 1208	2304	rundll32.exe	28
PID 2304 wrote to memory of 1208	2304	rundll32.exe	28
PID 2304 wrote to memory of 1208	2304	rundll32.exe	28
PID 2304 wrote to memory of 1208	2304	rundll32.exe	28
PID 2304 wrote to memory of 1208	2304	rundll32.exe	28
PID 2304 wrote to memory of 1208	2304	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\311c562ae81f0b3fa30ea85d5776dcd548b7b63e3afea3246b0ef2a02b0333c7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\311c562ae81f0b3fa30ea85d5776dcd548b7b63e3afea3246b0ef2a02b0333c7.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1208