796bb48e4db7a1a3a9d3f874c431b8d578a6ed0971035a5b0dab5f56518e77e3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 11:35

Target

796bb48e4db7a1a3a9d3f874c431b8d578a6ed0971035a5b0dab5f56518e77e3.dll
Size

48KB
MD5

d9227b6ff93874cbf2372e2427a046e5
SHA1

0eb4408f1c5ea60b6ede20870fd013ba6ae85e04
SHA256

796bb48e4db7a1a3a9d3f874c431b8d578a6ed0971035a5b0dab5f56518e77e3
SHA512

d197d01381e2f6120b84e9a28dbd0998c15674703ac588e652d6a10672aa5c30a1f910d71a21ee2ee2fc4334dfc8daf9577a4851595c969749ace81ed3c9df9b
SSDEEP

384:IbEXPvkJj8p88D/AmhJrtUr+ZvT4nYB7I/2d:IoXP1pZAmBtZv82d

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2528	2060	rundll32.exe	28
PID 2060 wrote to memory of 2528	2060	rundll32.exe	28
PID 2060 wrote to memory of 2528	2060	rundll32.exe	28
PID 2060 wrote to memory of 2528	2060	rundll32.exe	28
PID 2060 wrote to memory of 2528	2060	rundll32.exe	28
PID 2060 wrote to memory of 2528	2060	rundll32.exe	28
PID 2060 wrote to memory of 2528	2060	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\796bb48e4db7a1a3a9d3f874c431b8d578a6ed0971035a5b0dab5f56518e77e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\796bb48e4db7a1a3a9d3f874c431b8d578a6ed0971035a5b0dab5f56518e77e3.dll,#1
  2⤵
  PID:2528