7b77d1f05def46705ec6b01f0a80099bbd999a3e8d119b2fd1981a40d093c121

Analysis

max time kernel
92s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 15:14

Target

7b77d1f05def46705ec6b01f0a80099bbd999a3e8d119b2fd1981a40d093c121.dll
Size

689KB
MD5

663dfc5a6fa5ace85f5f9715db51e4a0
SHA1

3b83b4e8c053d564b36e4a06dc93308e7ee7538f
SHA256

7b77d1f05def46705ec6b01f0a80099bbd999a3e8d119b2fd1981a40d093c121
SHA512

7f36fd50721f7a5f55c3613e1a6342c717be9c0e5730a5380eaa110ae8fbdd6973b0df6bbf37c952f416b0b1fc82b5b3ba9b22e8186fc553574cb90bb892ac72
SSDEEP

3072:tvtJtLSVBVE09ArbxpKDF3+bHvNV+Z/j1SCieZOrJbirsySvc:RNLS/Vcrby6qFjFZOrBAsyZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 1684	4756	rundll32.exe	80
PID 4756 wrote to memory of 1684	4756	rundll32.exe	80
PID 4756 wrote to memory of 1684	4756	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b77d1f05def46705ec6b01f0a80099bbd999a3e8d119b2fd1981a40d093c121.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b77d1f05def46705ec6b01f0a80099bbd999a3e8d119b2fd1981a40d093c121.dll,#1
  2⤵
  PID:1684