54ad4feed22f6690b96d40732a72f97cb698e9185c99241b690b27f83d0b5fb6

Analysis

max time kernel
127s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 00:14

Target

54ad4feed22f6690b96d40732a72f97cb698e9185c99241b690b27f83d0b5fb6.dll
Size

50KB
MD5

4a9bc92982af341c4676f79fe3deb22c
SHA1

3e3da6de21777af878182f3c64716f3c0535bab7
SHA256

54ad4feed22f6690b96d40732a72f97cb698e9185c99241b690b27f83d0b5fb6
SHA512

ddc9de64280aa77dc51839812aaa18aa99f9fdd7671f733f931be995070f576466bb6e3cd0e029e0423720f64414bf95ba2813ce7731d4e81a958a32a2f99cdf
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5AJYH:W5ReWjTrW9rNPgYoWJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2420	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 2420	1316	rundll32.exe	28
PID 1316 wrote to memory of 2420	1316	rundll32.exe	28
PID 1316 wrote to memory of 2420	1316	rundll32.exe	28
PID 1316 wrote to memory of 2420	1316	rundll32.exe	28
PID 1316 wrote to memory of 2420	1316	rundll32.exe	28
PID 1316 wrote to memory of 2420	1316	rundll32.exe	28
PID 1316 wrote to memory of 2420	1316	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\54ad4feed22f6690b96d40732a72f97cb698e9185c99241b690b27f83d0b5fb6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\54ad4feed22f6690b96d40732a72f97cb698e9185c99241b690b27f83d0b5fb6.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2420