e516db27d9fcdc830c025a4499b41d6839dd2c82c6a5a2df969014a1309d9e77

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07-06-2024 13:29

Target

e516db27d9fcdc830c025a4499b41d6839dd2c82c6a5a2df969014a1309d9e77.dll
Size

51KB
MD5

eb97546f7f8a998a50118666927b495a
SHA1

4f7f46addd7a4d66b3e8e1b6b9b41b1a05fa7b86
SHA256

e516db27d9fcdc830c025a4499b41d6839dd2c82c6a5a2df969014a1309d9e77
SHA512

c78de8a6b79fe10e4f95d804a84efdd3f78da270b389c60296136f854e8dfd112afc42fcadb770c2bbffedcf10d956692aa35d76ee55a257804d41b5abd104a7
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezesAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBFpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2124	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2124	1752	rundll32.exe	28
PID 1752 wrote to memory of 2124	1752	rundll32.exe	28
PID 1752 wrote to memory of 2124	1752	rundll32.exe	28
PID 1752 wrote to memory of 2124	1752	rundll32.exe	28
PID 1752 wrote to memory of 2124	1752	rundll32.exe	28
PID 1752 wrote to memory of 2124	1752	rundll32.exe	28
PID 1752 wrote to memory of 2124	1752	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e516db27d9fcdc830c025a4499b41d6839dd2c82c6a5a2df969014a1309d9e77.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e516db27d9fcdc830c025a4499b41d6839dd2c82c6a5a2df969014a1309d9e77.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2124

memory/2124-0-0x0000000074590000-0x00000000745A0000-memory.dmp

Filesize
64KB

Download