8b6ced395a2befbd7d10ecc7bb8bd2df976cf4e1086e94f84abc9319c9e087bb

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 12:33 UTC

Target

libjasper-1.dll
Size

208KB
MD5

20b4d9f52f24c7372139127e3bea0de9
SHA1

512e109d44b22c61aa325ef0a92a6802350071ca
SHA256

8b6ced395a2befbd7d10ecc7bb8bd2df976cf4e1086e94f84abc9319c9e087bb
SHA512

6d134fe47564b2fd606af3ff0e10198aad7da616cc3c2ce52349cc40cf6fe77bd120a9026a88ad89ec3072ea8af8b44a234497aae5ed31ffbd3c31bcde89a73a
SSDEEP

3072:2NQeX/vrn7zEB99Haox5O9afF6uTbtRLlQ/pyqTPnOEmSzT5SkshpOEqAX:2Np7E39l64bv5h8FxT5SkepZX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 1004	880	rundll32.exe	28
PID 880 wrote to memory of 1004	880	rundll32.exe	28
PID 880 wrote to memory of 1004	880	rundll32.exe	28
PID 880 wrote to memory of 1004	880	rundll32.exe	28
PID 880 wrote to memory of 1004	880	rundll32.exe	28
PID 880 wrote to memory of 1004	880	rundll32.exe	28
PID 880 wrote to memory of 1004	880	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libjasper-1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libjasper-1.dll,#1
  2⤵
  PID:1004