9d0c54a0c475c6a3c946d0da56d0501616572402a2c082264118e003ca7d51d4

Analysis

max time kernel
43s
max time network
137s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
08-09-2022 20:56

Target

1916-58-0x00000000002F0000-0x0000000000312000-memory.dll
Size

136KB
MD5

9d8014802ae6ada3b7308c716bf52ea5
SHA1

80df5c0570abb541a358c7c30e706989505af406
SHA256

9d0c54a0c475c6a3c946d0da56d0501616572402a2c082264118e003ca7d51d4
SHA512

9ecbe19e4402ccf6b596c782c44b4b44c67c81668b648c09205ac8a0ff488c456c27ee57db3ea58d56f4b383c84b1bca2b0b013547c24b6ec9a500e9a652f685
SSDEEP

1536:fhoq17ux3oB/dC/DMarfLiII+U7zJBA+SU9JNRrD5MIOxnToIfN6SegrzgxK:fhw4aXzI+kjAOJfrtCZTBfNXeVxK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 832 wrote to memory of 1640	832	rundll32.exe	rundll32.exe
PID 832 wrote to memory of 1640	832	rundll32.exe	rundll32.exe
PID 832 wrote to memory of 1640	832	rundll32.exe	rundll32.exe
PID 832 wrote to memory of 1640	832	rundll32.exe	rundll32.exe
PID 832 wrote to memory of 1640	832	rundll32.exe	rundll32.exe
PID 832 wrote to memory of 1640	832	rundll32.exe	rundll32.exe
PID 832 wrote to memory of 1640	832	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1916-58-0x00000000002F0000-0x0000000000312000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:832

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1916-58-0x00000000002F0000-0x0000000000312000-memory.dll,#1
2⤵
PID:1640

memory/1640-54-0x0000000000000000-mapping.dmp

Download
memory/1640-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download