9d0a3ae5ce3137221a1024008c32cf2a55bd5dc2b02f29014643fa71e41a67f3

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
09-09-2022 13:34

Target

1128-57-0x00000000001D0000-0x00000000001F2000-memory.dll
Size

136KB
MD5

ee51524edc5e4d3ba9b0ae9bd0c7764b
SHA1

a523b3272ac3af0495151e8431b6a8c8579e6696
SHA256

9d0a3ae5ce3137221a1024008c32cf2a55bd5dc2b02f29014643fa71e41a67f3
SHA512

8fec75c151ca1ac937a28c3547d2c05ad5a11e89fc4c5d69ffa318b537782162ebfaff30694f8a7d966f05131fc31b5daca461adec075276732e37f5bf996ca3
SSDEEP

3072:afryJRYSh3e3msZAmJZt1h8lTBfZdeuAAA:qyJBh3e3tymJn1alTBxUuA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2032 wrote to memory of 2016	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2016	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2016	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2016	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2016	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2016	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2016	2032	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1128-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1128-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1
2⤵
PID:2016

memory/2016-54-0x0000000000000000-mapping.dmp

Download
memory/2016-55-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download