e77d95611c7c74183bb66a1fb190f95fb1a7fd00e117bbc8ee82f8b9b79b5bb1

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 07:13

Target

bdff22bac4be85eac6084e51abc0b415.dll
Size

150KB
MD5

bdff22bac4be85eac6084e51abc0b415
SHA1

a7a74ac439142722ddbcfbe98c88a3a35334727c
SHA256

e77d95611c7c74183bb66a1fb190f95fb1a7fd00e117bbc8ee82f8b9b79b5bb1
SHA512

f32633fd651b7b15087eae52d2661d31a92779f7f78c8d8d636fd8a6de5d2fcb4712cda3f05b443a0a530ac6029906335e9b5ecd6891c348570f2790df3e55e5
SSDEEP

1536:x7L5TrV2bgkb4QLoL/AphbF93Ve4PiVeePMG78m/jwmhb3:BLN1QLoL/AfF93ueePMoBhD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 3060	1992	rundll32.exe	28
PID 1992 wrote to memory of 3060	1992	rundll32.exe	28
PID 1992 wrote to memory of 3060	1992	rundll32.exe	28
PID 1992 wrote to memory of 3060	1992	rundll32.exe	28
PID 1992 wrote to memory of 3060	1992	rundll32.exe	28
PID 1992 wrote to memory of 3060	1992	rundll32.exe	28
PID 1992 wrote to memory of 3060	1992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdff22bac4be85eac6084e51abc0b415.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdff22bac4be85eac6084e51abc0b415.dll,#1
  2⤵
  PID:3060