de400840b917c33a82ba316ae244d8691ec0f5a1fd81d7d24763c0513985fe26

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:07

Target

de400840b917c33a82ba316ae244d8691ec0f5a1fd81d7d24763c0513985fe26.dll
Size

396KB
MD5

b3cf56d0b20c4fde35309665796f805c
SHA1

bdefef3e32fb01eeaa12e15e53ae498318a61947
SHA256

de400840b917c33a82ba316ae244d8691ec0f5a1fd81d7d24763c0513985fe26
SHA512

0960a1b95e5924b2800987653521a8d3a304f9a4e730a0d3c95ee88d75101acbce493cfe6beb572075638249ea00ffc87c1477fbd0442bb36338b62dcb261810
SSDEEP

1536:LCwKRsJ5ucqow+cdl4ScsWjcdIjVuyjCgAV:LCwKRkvGl1IjVuyOgAV

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

rundll32.exe

pid process

1936 rundll32.exe

pid	process
1936	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1712 wrote to memory of 1936	1712	rundll32.exe	rundll32.exe
PID 1712 wrote to memory of 1936	1712	rundll32.exe	rundll32.exe
PID 1712 wrote to memory of 1936	1712	rundll32.exe	rundll32.exe
PID 1712 wrote to memory of 1936	1712	rundll32.exe	rundll32.exe
PID 1712 wrote to memory of 1936	1712	rundll32.exe	rundll32.exe
PID 1712 wrote to memory of 1936	1712	rundll32.exe	rundll32.exe
PID 1712 wrote to memory of 1936	1712	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de400840b917c33a82ba316ae244d8691ec0f5a1fd81d7d24763c0513985fe26.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de400840b917c33a82ba316ae244d8691ec0f5a1fd81d7d24763c0513985fe26.dll,#1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1936