45d80faa03cd065bfbdc4679e01a81f3057db11d74a46a99730f3350f789c4c4

Analysis

max time kernel
128s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 01:21

Target

45d80faa03cd065bfbdc4679e01a81f3057db11d74a46a99730f3350f789c4c4.dll
Size

899KB
MD5

457cd6e8510efd003886d52fae480001
SHA1

4859580941fd0f3ec14998082adbf29f031165fc
SHA256

45d80faa03cd065bfbdc4679e01a81f3057db11d74a46a99730f3350f789c4c4
SHA512

bfdba5ef274f6c41468102046ca5db888b82eecff4ecd7093aaad9c95821474bc84834377a18d058ed7b2e9e4b40b4756f4e14bf39dd71119644d157dd3280df
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXQ:7wqd87VQ

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2600	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2600	3012	rundll32.exe	28
PID 3012 wrote to memory of 2600	3012	rundll32.exe	28
PID 3012 wrote to memory of 2600	3012	rundll32.exe	28
PID 3012 wrote to memory of 2600	3012	rundll32.exe	28
PID 3012 wrote to memory of 2600	3012	rundll32.exe	28
PID 3012 wrote to memory of 2600	3012	rundll32.exe	28
PID 3012 wrote to memory of 2600	3012	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d80faa03cd065bfbdc4679e01a81f3057db11d74a46a99730f3350f789c4c4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d80faa03cd065bfbdc4679e01a81f3057db11d74a46a99730f3350f789c4c4.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2600