96befdf0e9a5a7321e00c0a4e28540256ddf82b85e6d67856ebd678323821985

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 22:17

Target

96befdf0e9a5a7321e00c0a4e28540256ddf82b85e6d67856ebd678323821985.dll
Size

899KB
MD5

b97d37c6de86004c348068de33b34850
SHA1

f838047c9575608df3379434a155af5d074a38b9
SHA256

96befdf0e9a5a7321e00c0a4e28540256ddf82b85e6d67856ebd678323821985
SHA512

16eeb43d3f5cb52639afae45557592a9fd014299968b0c0f9597ab1f4d36c5c7366e24c5f28c39563d665d7802e87b8228488321e2bfc819113ed28d7a0425e2
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXi:7wqd87Vi

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2264	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2264	1720	rundll32.exe	28
PID 1720 wrote to memory of 2264	1720	rundll32.exe	28
PID 1720 wrote to memory of 2264	1720	rundll32.exe	28
PID 1720 wrote to memory of 2264	1720	rundll32.exe	28
PID 1720 wrote to memory of 2264	1720	rundll32.exe	28
PID 1720 wrote to memory of 2264	1720	rundll32.exe	28
PID 1720 wrote to memory of 2264	1720	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\96befdf0e9a5a7321e00c0a4e28540256ddf82b85e6d67856ebd678323821985.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\96befdf0e9a5a7321e00c0a4e28540256ddf82b85e6d67856ebd678323821985.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2264