6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 13:37 UTC

Target

6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73.dll
Size

51KB
MD5

d30d133f09f2702ff95a724cccc2a04e
SHA1

e0270d9309aeb68f349d1de6a78f0a0b0fefa0f2
SHA256

6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73
SHA512

1ed306d9dbb8d51ff6c911283a67c831fd6a1086349fbbb6e17439bbc35b7f61fcca6ad2d0e3e61e0e689b2d8f9b6d3f0cbd9a405f3395d263b1539e3c4a08f0
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLTJYH5:1dWubF3n9S91BF3fbo3JYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2920	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2920	2856	rundll32.exe	28
PID 2856 wrote to memory of 2920	2856	rundll32.exe	28
PID 2856 wrote to memory of 2920	2856	rundll32.exe	28
PID 2856 wrote to memory of 2920	2856	rundll32.exe	28
PID 2856 wrote to memory of 2920	2856	rundll32.exe	28
PID 2856 wrote to memory of 2920	2856	rundll32.exe	28
PID 2856 wrote to memory of 2920	2856	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2920