42c2d0f8d09b2b5dc377b12584dc2f3ae2bd6c1349713fbb09585e19aeab3339

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 13:25

Target

42c2d0f8d09b2b5dc377b12584dc2f3ae2bd6c1349713fbb09585e19aeab3339.dll
Size

51KB
MD5

e2e8907524c0a170f3b77c379d2f81d5
SHA1

b06e7fe9e2527ad9e0f41381091bfd847d7626df
SHA256

42c2d0f8d09b2b5dc377b12584dc2f3ae2bd6c1349713fbb09585e19aeab3339
SHA512

dd9709cd73934ea335ac8e805cf45bad052c3a680fc971fa422b3a6e80ea48d9a16c6f8cbba359930e7328addd0c635897c2d3b32ee3c766ec4b679af43e6eb9
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL+cJYH5:1dWubF3n9S91BF3fbonJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2204	2884	rundll32.exe	28
PID 2884 wrote to memory of 2204	2884	rundll32.exe	28
PID 2884 wrote to memory of 2204	2884	rundll32.exe	28
PID 2884 wrote to memory of 2204	2884	rundll32.exe	28
PID 2884 wrote to memory of 2204	2884	rundll32.exe	28
PID 2884 wrote to memory of 2204	2884	rundll32.exe	28
PID 2884 wrote to memory of 2204	2884	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42c2d0f8d09b2b5dc377b12584dc2f3ae2bd6c1349713fbb09585e19aeab3339.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42c2d0f8d09b2b5dc377b12584dc2f3ae2bd6c1349713fbb09585e19aeab3339.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2204