d0d0d04b567e231f46c8d4fb755a5ad1471090a373576544cbf58d6332e6da0a

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 14:08

Target

d0d0d04b567e231f46c8d4fb755a5ad1471090a373576544cbf58d6332e6da0a.dll
Size

51KB
MD5

15f258a1adf1bb3061f73fe8a70c475d
SHA1

d3edb2be48f7d8fa4835f04ed394a4ac22f84dc1
SHA256

d0d0d04b567e231f46c8d4fb755a5ad1471090a373576544cbf58d6332e6da0a
SHA512

d59976440968a82ab27f78403bf6eab959e529e15f6a0a7e6ac78913c736adfafd94c004b534439aa99c15b35f2d1cc550cbb254f9a7d4f6f44cfa51a51dba21
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLdJYH5:1dWubF3n9S91BF3fboZJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2924	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2924	2928	rundll32.exe	28
PID 2928 wrote to memory of 2924	2928	rundll32.exe	28
PID 2928 wrote to memory of 2924	2928	rundll32.exe	28
PID 2928 wrote to memory of 2924	2928	rundll32.exe	28
PID 2928 wrote to memory of 2924	2928	rundll32.exe	28
PID 2928 wrote to memory of 2924	2928	rundll32.exe	28
PID 2928 wrote to memory of 2924	2928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0d0d04b567e231f46c8d4fb755a5ad1471090a373576544cbf58d6332e6da0a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0d0d04b567e231f46c8d4fb755a5ad1471090a373576544cbf58d6332e6da0a.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2924