54eeaf2314ef9a047b6d157150be498f93570ec27492d8ccee6e8ef99da6b00b

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 07:27

Target

6550cc00d08bb117be1fe4f611b558f0N.dll
Size

4.6MB
MD5

6550cc00d08bb117be1fe4f611b558f0
SHA1

d601fa23d571f7b490d45c783c477a6b55772d9e
SHA256

54eeaf2314ef9a047b6d157150be498f93570ec27492d8ccee6e8ef99da6b00b
SHA512

2982a587882175ee44e9104e61176a787e1735401c308c7ff510fd009ab57cf86e7e3a037f5902ce114ff36753c6ea42fd984479c6332eedcf2878c422d7782b
SSDEEP

98304:NPMvLNHzP6JliHXLa41RaywJkwon+AoQ69fYWF8irG4FjXLPT:NiiMHr1R12kOAFSYAhHXLb

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2340	rundll32.exe
2340	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2340	3004	rundll32.exe	31
PID 3004 wrote to memory of 2340	3004	rundll32.exe	31
PID 3004 wrote to memory of 2340	3004	rundll32.exe	31
PID 3004 wrote to memory of 2340	3004	rundll32.exe	31
PID 3004 wrote to memory of 2340	3004	rundll32.exe	31
PID 3004 wrote to memory of 2340	3004	rundll32.exe	31
PID 3004 wrote to memory of 2340	3004	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6550cc00d08bb117be1fe4f611b558f0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6550cc00d08bb117be1fe4f611b558f0N.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340

memory/2340-10-0x00000000737C0000-0x0000000073EF2000-memory.dmp

Filesize
7.2MB

Download
memory/2340-9-0x00000000737C0000-0x0000000073EF2000-memory.dmp

Filesize
7.2MB

Download
memory/2340-6-0x00000000737DD000-0x0000000073A58000-memory.dmp

Filesize
2.5MB

Download
memory/2340-4-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2340-2-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2340-0-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2340-11-0x00000000737C0000-0x0000000073EF2000-memory.dmp

Filesize
7.2MB

Download
memory/2340-12-0x00000000737DD000-0x0000000073A58000-memory.dmp

Filesize
2.5MB

Download