77920065a7f2f3cf60b1e83bf905f9f061fe8ec109c276ac879ce76a600bee67

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 07:32

Target

77920065a7f2f3cf60b1e83bf905f9f061fe8ec109c276ac879ce76a600bee67.dll
Size

137KB
MD5

8528e99905592029090d5bb3bc717680
SHA1

50ddb3f1b2be77f4c5bb05c050928cdd5b8d2e98
SHA256

77920065a7f2f3cf60b1e83bf905f9f061fe8ec109c276ac879ce76a600bee67
SHA512

29209df90b539d37dade98df20d909aa63c0bcbe58bfa92cf57b89ef7cf738dc94379c6e625b079376352770e5b495ac83dddd19296afc384ad3d3be75b6156a
SSDEEP

3072:S8wA0TMD5Dqg0yN1nvAANSw8ltWoihGCyMOLySWst+fXxS0ILE:S8w6D4Kotup0LWI+fp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 1212	1508	rundll32.exe	28
PID 1508 wrote to memory of 1212	1508	rundll32.exe	28
PID 1508 wrote to memory of 1212	1508	rundll32.exe	28
PID 1508 wrote to memory of 1212	1508	rundll32.exe	28
PID 1508 wrote to memory of 1212	1508	rundll32.exe	28
PID 1508 wrote to memory of 1212	1508	rundll32.exe	28
PID 1508 wrote to memory of 1212	1508	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77920065a7f2f3cf60b1e83bf905f9f061fe8ec109c276ac879ce76a600bee67.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77920065a7f2f3cf60b1e83bf905f9f061fe8ec109c276ac879ce76a600bee67.dll,#1
  2⤵
  PID:1212

memory/1212-55-0x0000000075631000-0x0000000075633000-memory.dmp

Filesize
8KB

Download