777c869fe42050bbdb6f8553a34e1b226a1c6c795a2c68d21a3ec42dda763ecc

Analysis

max time kernel
133s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:24

Target

777c869fe42050bbdb6f8553a34e1b226a1c6c795a2c68d21a3ec42dda763ecc.dll
Size

79KB
MD5

4aaa439057c3988725e29938e973bb10
SHA1

c678e4e3087f5bf63dba2ba6c877121d71c2a81b
SHA256

777c869fe42050bbdb6f8553a34e1b226a1c6c795a2c68d21a3ec42dda763ecc
SHA512

4d3b612c85e7660261692221cbb82aff716ec00aee19979de9df361ca539d8f4795bbc0152cefa6233accbab2c4da82e2c94eac2a1f498df0c7b458763f7d7a5
SSDEEP

1536:BRJ7zXwN1qfBm783YUcqhd/vaTHnPBukHv7SUasWlcdG+WQ4hJJdn:BRJfnZm783Ywd/vUZ7tXG+WQUJJd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5104 wrote to memory of 856	5104	rundll32.exe	rundll32.exe
PID 5104 wrote to memory of 856	5104	rundll32.exe	rundll32.exe
PID 5104 wrote to memory of 856	5104	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\777c869fe42050bbdb6f8553a34e1b226a1c6c795a2c68d21a3ec42dda763ecc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\777c869fe42050bbdb6f8553a34e1b226a1c6c795a2c68d21a3ec42dda763ecc.dll,#1
  2⤵
  PID:856