a81ea22669579f82801519dd2dd7f70293b049eaf9e4812406c0e4fbbd419190

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09-09-2022 13:46

Target

820-57-0x0000000000130000-0x0000000000152000-memory.dll
Size

136KB
MD5

a7a59dc2827d6635b533651d81945742
SHA1

4549ce2e028e4815cd9c39954313af05f1f867a2
SHA256

a81ea22669579f82801519dd2dd7f70293b049eaf9e4812406c0e4fbbd419190
SHA512

e2b8a0183d24e5818622252d584195743d941ca81ad543afc27ecf5d0766d1255f71e8347bb62e5f30c4e4d82b4dab00ac4548d80dfa0e2be18e99fb15a320f6
SSDEEP

3072:yFAwlNqY4PtpT0uk3A2J7/N2pTBfFbeNPA:6AkkY4PtpT0hw2JjN2pTB9KN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 768 wrote to memory of 1536	768	rundll32.exe	rundll32.exe
PID 768 wrote to memory of 1536	768	rundll32.exe	rundll32.exe
PID 768 wrote to memory of 1536	768	rundll32.exe	rundll32.exe
PID 768 wrote to memory of 1536	768	rundll32.exe	rundll32.exe
PID 768 wrote to memory of 1536	768	rundll32.exe	rundll32.exe
PID 768 wrote to memory of 1536	768	rundll32.exe	rundll32.exe
PID 768 wrote to memory of 1536	768	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\820-57-0x0000000000130000-0x0000000000152000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:768

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\820-57-0x0000000000130000-0x0000000000152000-memory.dll,#1
2⤵
PID:1536

memory/1536-54-0x0000000000000000-mapping.dmp

Download
memory/1536-55-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download