bba8ec7c96124387fecd78c438617c0765b51a14e3fba7a03cf883ad7c8196eb

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 02:18

Target

bba8ec7c96124387fecd78c438617c0765b51a14e3fba7a03cf883ad7c8196eb.dll
Size

81KB
MD5

6bc7d2614947d40b8332350d8c7f8cb9
SHA1

0e4939b1b6e4a9b975bf9644c28de8726e2e0704
SHA256

bba8ec7c96124387fecd78c438617c0765b51a14e3fba7a03cf883ad7c8196eb
SHA512

c10e8dcc5cfa66d1631e5015d35f0773b4c16481f7991b78c6191657d931a4ce45b4857ac9a060ac0dcba0006a55e02791ca1aa9f3a17da604eb63b312b08b39
SSDEEP

1536:ItByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W+:I4v4JKXTx71w0ArSsXF3enq8W+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bba8ec7c96124387fecd78c438617c0765b51a14e3fba7a03cf883ad7c8196eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bba8ec7c96124387fecd78c438617c0765b51a14e3fba7a03cf883ad7c8196eb.dll,#1
  2⤵
  PID:2136