db777377a840c24b7a96935b08b4c2c3cd174ebbdea51718bef7332b54d5efc6

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 03:00

Target

886183bc29e01eb1822ab272f01e7ffb.dll
Size

26KB
MD5

886183bc29e01eb1822ab272f01e7ffb
SHA1

11d0af6ece623e2cb2da7880c496e16b96fa015f
SHA256

db777377a840c24b7a96935b08b4c2c3cd174ebbdea51718bef7332b54d5efc6
SHA512

c35472c1eda86fd613badda381d6a81a598e491a724ee44350713cfbda86468d78271012084446165c79ce7a1ca86f78cabb0e1d127635d86a1b667765766b54
SSDEEP

384:LwCKO9mePXT3nDQrVMliMcobWKJbc5bll0yXYi4YgOC/+w7bPjX:cO5nkSNcCbc5Zl0yXcQwnjX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2212	2084	rundll32.exe	28
PID 2084 wrote to memory of 2212	2084	rundll32.exe	28
PID 2084 wrote to memory of 2212	2084	rundll32.exe	28
PID 2084 wrote to memory of 2212	2084	rundll32.exe	28
PID 2084 wrote to memory of 2212	2084	rundll32.exe	28
PID 2084 wrote to memory of 2212	2084	rundll32.exe	28
PID 2084 wrote to memory of 2212	2084	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\886183bc29e01eb1822ab272f01e7ffb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\886183bc29e01eb1822ab272f01e7ffb.dll,#1
  2⤵
  PID:2212