0764408bc422786a13040d885050a7cbf6c99cbb004cdc74119bbaa40b34e864

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28/08/2023, 23:31

Target

0764408bc422786a13040d885050a7cbf6c99cbb004cdc74119bbaa40b34e864.dll
Size

100KB
MD5

e9f629fba437508d46d98562a5627168
SHA1

56e5c62b79f6114752b68fbc57d3ab08bf433280
SHA256

0764408bc422786a13040d885050a7cbf6c99cbb004cdc74119bbaa40b34e864
SHA512

b0143bc04758f3218d426e8770a4070119464674e4c21a4fdf70d33c09dc8488a0b8c873cd3fc0d3eb1c2a415e8b1ec61601f75b14ba9767775b4c8e476d7d3d
SSDEEP

1536:fglyIto47i1nGtwfSkjmh9vo/ZVMWn+aXcmY9+/QMsWjcdlnyVMi7FC:342ngUSkj5RKWn+aRelnyVMi7FC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2296	2220	rundll32.exe	28
PID 2220 wrote to memory of 2296	2220	rundll32.exe	28
PID 2220 wrote to memory of 2296	2220	rundll32.exe	28
PID 2220 wrote to memory of 2296	2220	rundll32.exe	28
PID 2220 wrote to memory of 2296	2220	rundll32.exe	28
PID 2220 wrote to memory of 2296	2220	rundll32.exe	28
PID 2220 wrote to memory of 2296	2220	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0764408bc422786a13040d885050a7cbf6c99cbb004cdc74119bbaa40b34e864.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0764408bc422786a13040d885050a7cbf6c99cbb004cdc74119bbaa40b34e864.dll,#1
  2⤵
  PID:2296