36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 08:19

Target

36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59.dll
Size

50KB
MD5

ccabe04b53168e03e5ae34f18922a74a
SHA1

c20e95621d7ca4385871215148ec438a7ede26c9
SHA256

36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59
SHA512

70403368caa0e4b646c033d920b487efc16e54f2c4a247450dca210bf76986e8455a187e6655591d16ad94374b511d8a095e5a096b3abc274888c371cdd34dee
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o54JYH:W5ReWjTrW9rNPgYoCJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2736	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2736	2512	rundll32.exe	28
PID 2512 wrote to memory of 2736	2512	rundll32.exe	28
PID 2512 wrote to memory of 2736	2512	rundll32.exe	28
PID 2512 wrote to memory of 2736	2512	rundll32.exe	28
PID 2512 wrote to memory of 2736	2512	rundll32.exe	28
PID 2512 wrote to memory of 2736	2512	rundll32.exe	28
PID 2512 wrote to memory of 2736	2512	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2736