7bbb458e6579df29118174eb65579f6f02773e8ead9e89b65933191796774617

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 16:07

Target

libgpg-error-0.dll
Size

167KB
MD5

f00d0500d0e18f9cbbf24df4c867447f
SHA1

930c42e51296f9c706b683973d36b32401adea88
SHA256

2aef5c58f9454174d816729fce925919d8c5994a37f129288357bf8ec2b26783
SHA512

71f9d683ab1bbfe3ff247cdd2da99c29fdaf7c55489773aad58004ef853709d962de3f08f63b01bda3467366bf49eab4e86634e10837473446e9788df6d9682c
SSDEEP

3072:1VLFn1do/If9mvLJmVj+JP2xxFTTa6MpVf1JJKDo7wvQGxm8uNIW2A:vFn1db9mvLJmAurTaxVf1JJKDo7wvzxQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2368 wrote to memory of 2212	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2212	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2212	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2212	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2212	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2212	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2212	2368	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libgpg-error-0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libgpg-error-0.dll,#1
2⤵
PID:2212