2b77071d9a45e9ca22d02a6b583d2de26b5060ccc3854b248c87cf7f96e49a32

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 20:08

Target

2b77071d9a45e9ca22d02a6b583d2de26b5060ccc3854b248c87cf7f96e49a32.dll
Size

485KB
MD5

328641b3bdb2fb56dd59ea4ac2a1ddb3
SHA1

c705b4f85bd9aa3a9dd05142c2e70ddc6f7f5bc5
SHA256

2b77071d9a45e9ca22d02a6b583d2de26b5060ccc3854b248c87cf7f96e49a32
SHA512

92de1f1eb4c2acfe2fb5d4dbe71d6f0faaf4405c576e3b1cef40f8faafdc999a48dc455c68de2b92205f04c08047283865131ffb04068f25b7bf4f3e4e57e388
SSDEEP

6144:79SffnLgvyHpLV4VbPwwZ02aGY5ZYwJizg7F11O/p0Rdx8Zt50U:7UnLEmkTv02aGY5HB7bdx8Zt50U

Score

8^/10

Blocklisted process makes network request 3 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1396	1740	rundll32.exe	28
PID 1740 wrote to memory of 1396	1740	rundll32.exe	28
PID 1740 wrote to memory of 1396	1740	rundll32.exe	28
PID 1740 wrote to memory of 1396	1740	rundll32.exe	28
PID 1740 wrote to memory of 1396	1740	rundll32.exe	28
PID 1740 wrote to memory of 1396	1740	rundll32.exe	28
PID 1740 wrote to memory of 1396	1740	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b77071d9a45e9ca22d02a6b583d2de26b5060ccc3854b248c87cf7f96e49a32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b77071d9a45e9ca22d02a6b583d2de26b5060ccc3854b248c87cf7f96e49a32.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:1396