fee6225d025407a4ad4b3910112d41fb39d712e770eb842beb44273efd63d70e

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
08-09-2022 13:58

Target

1112-58-0x00000000008E0000-0x0000000000902000-memory.dll
Size

136KB
MD5

3df21ba60801472caafa71c3632035e5
SHA1

d713b0e53915ef7f6488eee219a69ec192368c92
SHA256

fee6225d025407a4ad4b3910112d41fb39d712e770eb842beb44273efd63d70e
SHA512

6ade7589cbb616b79f8d71825d4a58fcd99e89871ddd813aef1fc20be12a669df67e49aabf02b88c70df6d881fa53a660a4ca611c87537aaf907dcaccf425453
SSDEEP

3072:KJJfPnrN866+/5/HZqKAHJo+H9ITBfKw6YaFAa:K3nrN81+/5/HQfHJlH9ITBVVIV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1204 wrote to memory of 1344	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1344	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1344	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1344	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1344	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1344	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1344	1204	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1112-58-0x00000000008E0000-0x0000000000902000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1112-58-0x00000000008E0000-0x0000000000902000-memory.dll,#1
2⤵
PID:1344

memory/1344-54-0x0000000000000000-mapping.dmp

Download
memory/1344-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download