a0675a077c4a183c77409b1f319e2f918474a866ca7cafa746115dbe11edd18f

Analysis

max time kernel
1558s
max time network
1560s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 15:14

Target

jqgCɏ̎qi̌Łj/live.dll
Size

356KB
MD5

ff96038992b0cfebf0b14c64cc787165
SHA1

6e9415c70615951234cf7eb01596201c1eec89af
SHA256

0a1db7400c04647e3dcad45d6b75a3d724dc3118ce00e8d86bb187b5b67333ab
SHA512

0f1e4a19c46cc8540aa7c27d253e8f47b0997a77529ea08a44430afcce132feb49c2913671cbcd5b54ef22b5fb2ad6845c8a6ba3f7ff49b36c91d83fa0e22666
SSDEEP

6144:kqhWT8rKSGBHqTenWsw5L1TBEq22MWKkY5HCtmjKIrtQ7MR0:p7XGVqTeLv19eY5HCmx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1508	2176	rundll32.exe	28
PID 2176 wrote to memory of 1508	2176	rundll32.exe	28
PID 2176 wrote to memory of 1508	2176	rundll32.exe	28
PID 2176 wrote to memory of 1508	2176	rundll32.exe	28
PID 2176 wrote to memory of 1508	2176	rundll32.exe	28
PID 2176 wrote to memory of 1508	2176	rundll32.exe	28
PID 2176 wrote to memory of 1508	2176	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\jqgCɏ̎qi̌Łj\live.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\jqgCɏ̎qi̌Łj\live.dll,#1
  2⤵
  PID:1508