d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-04-2024 08:14

Target

d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60.dll
Size

50KB
MD5

b1d9bc58ea6c52e9698729eb784773c5
SHA1

cdf14bea73d3342b8d4b911f0d9ed474d2246a94
SHA256

d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60
SHA512

6c18e8b319e3afbd90d05038ff885924e80f3e00020e5eed403fa45154ff43132cc6e50ca77f2b1cfb3651d1facd23b8c72d9fbc01e24edf7a7647b3994e9603
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5RJYH:W5ReWjTrW9rNPgYoDJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

Processes:

rundll32.exe

pid process

2156 rundll32.exe

pid	process
2156	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2212 wrote to memory of 2156	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 2156	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 2156	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 2156	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 2156	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 2156	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 2156	2212	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2212

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60.dll,#1
2⤵
- Suspicious behavior: RenamesItself
PID:2156