Windows Analysis Report
1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll

Overview

General Information

Sample name: 1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll
(renamed file extension from exe to dll)
Original sample name: 1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.exe
Analysis ID: 1543310
MD5: aad5dab4c6566b7b928d62015b263701
SHA1: bbe25668c8dec690c16287e1c7f3ddb2c92598a7
SHA256: 00c53946bf2c91ea24af7e12c0e938b8eab4bb6cabd43fcb8b85ee9166927a1d
Tags: base64-decodedexeuser-abuse_ch
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Sigma detected: Execute DLL with spoofed extension
AI detected suspicious sample
Creates a process in suspended mode (likely to inject code)
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

AV Detection
barindex
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 86.8% probability
Sample file is different than original file name gathered from version info
Source: 1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll Binary or memory string: OriginalFilenameLhqdy.exe" vs 1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll
Source: rundll32.exe, 00000009.00000002.4335137979.000000000073A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ta\Local\TempCOM;.EXE;.BAT;.CMD;.VBP.
Source: rundll32.exe, 0000001B.00000002.4335954222.0000000000D6A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ta\Local\TempCOM;.EXE;.BAT;.CMD;.VBP
Source: classification engine Classification label: mal52.evad.winDLL@83/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7420:120:WilError_03
Source: 1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll Static file information: TRID: Win32 Dynamic Link Library (generic) Net Framework (1011504/3) 50.14%
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll"
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown
Source: C:\Windows\System32\loaddll32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1730040845f478945bb2b09deed546a6fcbdc64e362092e26ef57d4f6f4cd6dc0b4e48aff0468.dat-decoded.dll",#1 Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1543310 Sample: 1730040845f478945bb2b09deed... Startdate: 27/10/2024 Architecture: WINDOWS Score: 52 36 Sigma detected: Execute DLL with spoofed extension 2->36 38 AI detected suspicious sample 2->38 14 loaddll32.exe 1 2->14         started        process3 process4 16 cmd.exe 1 14->16         started        18 conhost.exe 14->18         started        process5 20 rundll32.exe 16->20         started        process6 22 rundll32.exe 20->22         started        process7 24 rundll32.exe 22->24         started        process8 26 rundll32.exe 24->26         started        process9 28 rundll32.exe 26->28         started        process10 30 rundll32.exe 28->30         started        process11 32 rundll32.exe 30->32         started        process12 34 rundll32.exe 32->34         started       
No contacted IP infos