c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 02:29

Target

c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660.dll
Size

56KB
MD5

cb9fe75997ed9eb1750e82de87c2c3d2
SHA1

811bd7c24e3c275e83d1ca7111349a27571ca5d8
SHA256

c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660
SHA512

3a555f06720d7596d3e773c1d44c90e7a3c3c1cea6c7223e3a2e60cd83e9f189210535f2477ecf227b80241d06b053615d7b7ecd89e08dc015dee97640fbdb4f
SSDEEP

768:2MEyU2joCXwPaPOZxZ6pRb0x5sOV4YklKq:oyUuAC6xopRbIuY2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660.dll,#1
  2⤵
  PID:2216