7bbe4959fb7911e1e5027ce811db7130922cc9f1a7163416f8d3bbe62e2a2be7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:37

Target

7bbe4959fb7911e1e5027ce811db7130922cc9f1a7163416f8d3bbe62e2a2be7.dll
Size

6KB
MD5

a81d32101549ca381836c9af787c06b2
SHA1

7af44b8c1fcb423316a8b569a48a9e87b8058d29
SHA256

7bbe4959fb7911e1e5027ce811db7130922cc9f1a7163416f8d3bbe62e2a2be7
SHA512

018cdb0b48064151f63ccc2a69f0db1b277bc9d536af6dc9e86513f3f7e2102615c533232c490ae13dc0678f497203ed7ba93191a5f2a04b6784ea57e3fd56fe
SSDEEP

96:hy859x0P8Maec1PcfA18NxylavHETNouxbqQcl4Qfz:F5oLAYzOQf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2816 wrote to memory of 4092	2816	rundll32.exe	rundll32.exe
PID 2816 wrote to memory of 4092	2816	rundll32.exe	rundll32.exe
PID 2816 wrote to memory of 4092	2816	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bbe4959fb7911e1e5027ce811db7130922cc9f1a7163416f8d3bbe62e2a2be7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2816

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bbe4959fb7911e1e5027ce811db7130922cc9f1a7163416f8d3bbe62e2a2be7.dll,#1
2⤵
PID:4092