79a6152f1a75926a2e5643486aab3f2053bf3499608fa27dbb07dc6cddf8bd26

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 00:53

Target

550ae6eb5fc22d173cb05380cb00f16c.dll
Size

19KB
MD5

550ae6eb5fc22d173cb05380cb00f16c
SHA1

333259bb6c61bacfc946609eed622995f8b9ba69
SHA256

79a6152f1a75926a2e5643486aab3f2053bf3499608fa27dbb07dc6cddf8bd26
SHA512

a715d01fd4f8a81b67ec0230281a5cb56a7f9085e53bc65b82f2522b6e76adb9c8035f15429c0eb2b498fa52eb13e8e2ac858c07527340e357fd43100f4b6831
SSDEEP

384:VmzAoiqASqYDNjzuuAALKFeuHRfu0sjd6T2++7ajOfZP/m0N:VIu+jzuuAALKUuHZsI+7CqR3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1752	1720	rundll32.exe	28
PID 1720 wrote to memory of 1752	1720	rundll32.exe	28
PID 1720 wrote to memory of 1752	1720	rundll32.exe	28
PID 1720 wrote to memory of 1752	1720	rundll32.exe	28
PID 1720 wrote to memory of 1752	1720	rundll32.exe	28
PID 1720 wrote to memory of 1752	1720	rundll32.exe	28
PID 1720 wrote to memory of 1752	1720	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\550ae6eb5fc22d173cb05380cb00f16c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\550ae6eb5fc22d173cb05380cb00f16c.dll,#1
  2⤵
  PID:1752