796bbb79895aad98e67862b4059c35b899bc0727827d029ee309f666be29ec38

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 20:53

Target

f77818735e6474a448aac13f35477790.dll
Size

156KB
MD5

f77818735e6474a448aac13f35477790
SHA1

30b72af8f6b68fb6be430197b848e22d8f5bf5d3
SHA256

796bbb79895aad98e67862b4059c35b899bc0727827d029ee309f666be29ec38
SHA512

c759d5c93de821545ca27aaee0e9a29deea59e0505bf24a59ef95bcc462c1cb76d4e2d32b1e8252091e72a405408724624b7cc6af19d942cd9588ff25a30e184
SSDEEP

3072:N1GcXTaDb6IvCj5MyoQdffEuD+N+tDHuFhuU+MYCd7q:Nxe36IvwfoQd3lDtDHuFhb+MYz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f77818735e6474a448aac13f35477790.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f77818735e6474a448aac13f35477790.dll,#1
  2⤵
  PID:2508