977b29ebb0b39c3c246a76b69e5559e085bb735be77cdde3a4eaac21f6038ee9

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 04:54

Target

977b29ebb0b39c3c246a76b69e5559e085bb735be77cdde3a4eaac21f6038ee9.dll
Size

40KB
MD5

a7be1e6bb3acad98e2f161380cfaaa09
SHA1

705acf0c768b411c4eb960172aaa01d48ef3a2a6
SHA256

977b29ebb0b39c3c246a76b69e5559e085bb735be77cdde3a4eaac21f6038ee9
SHA512

3da71bb71d23b98ab95b8153e77ff07bd3252a04872274b8f795fb8b7757f56ad6c278f0f3b02abc4a3f2aaf4210ab256fd5155524a6c9acdcf00dc0a7769a50
SSDEEP

768:UkAty3Cq1JYlLrHWRjhxD1UAuar7SSQk6I62RTCxVJQkNPo9sYvuCg:UkAtyyqMiZDig7SSQV2RTCxvQeoiHf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 1188	1060	rundll32.exe	27
PID 1060 wrote to memory of 1188	1060	rundll32.exe	27
PID 1060 wrote to memory of 1188	1060	rundll32.exe	27
PID 1060 wrote to memory of 1188	1060	rundll32.exe	27
PID 1060 wrote to memory of 1188	1060	rundll32.exe	27
PID 1060 wrote to memory of 1188	1060	rundll32.exe	27
PID 1060 wrote to memory of 1188	1060	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\977b29ebb0b39c3c246a76b69e5559e085bb735be77cdde3a4eaac21f6038ee9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\977b29ebb0b39c3c246a76b69e5559e085bb735be77cdde3a4eaac21f6038ee9.dll,#1
  2⤵
  PID:1188

memory/1188-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download