9b7a76b16a8b7fec56dc8ebe3b50803019d9db56ec276fa0ae82d8277f2bd397

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 01:12

Target

9b7a76b16a8b7fec56dc8ebe3b50803019d9db56ec276fa0ae82d8277f2bd397.dll
Size

31KB
MD5

0b7c1b32e9eb178f0df8b912397ea298
SHA1

2e28dafbf5e70cdd692cd169ef294f1f944aa718
SHA256

9b7a76b16a8b7fec56dc8ebe3b50803019d9db56ec276fa0ae82d8277f2bd397
SHA512

b7a9b7f01641e30a05e76c8d8bed635a92771eefe30e11896463e34968800c93233282759ebca199a32a6758ca64635293c293a8c84c927ba2bdd68dd95be924
SSDEEP

768:0MtieINC1EEPU+T15y3vUL2zAENAMx8gn:vMetEE8+Z5y3g2ZxJn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2060	2476	rundll32.exe	28
PID 2476 wrote to memory of 2060	2476	rundll32.exe	28
PID 2476 wrote to memory of 2060	2476	rundll32.exe	28
PID 2476 wrote to memory of 2060	2476	rundll32.exe	28
PID 2476 wrote to memory of 2060	2476	rundll32.exe	28
PID 2476 wrote to memory of 2060	2476	rundll32.exe	28
PID 2476 wrote to memory of 2060	2476	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b7a76b16a8b7fec56dc8ebe3b50803019d9db56ec276fa0ae82d8277f2bd397.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b7a76b16a8b7fec56dc8ebe3b50803019d9db56ec276fa0ae82d8277f2bd397.dll,#1
  2⤵
  PID:2060