267e79017f594a69f6b7b83198bdccd6cde68851057d7e9dfd6a1a84406e1a98

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
09-09-2022 13:37

Target

2056-139-0x0000000000AD0000-0x0000000000AF2000-memory.dll
Size

136KB
MD5

ac0c8e0da2f97e895009c07f859a269e
SHA1

c613788affcbb8f70517ea1336bf18e51fa7e811
SHA256

267e79017f594a69f6b7b83198bdccd6cde68851057d7e9dfd6a1a84406e1a98
SHA512

e94824b7b57dd42e4f37cd0550b7cd4c6a7b3f6d73040a1bb1ec5add5e078836e2e9a5565c38662ec52afdfcd6ad05d900676f5dc5ab3a1c1dbc1d4aca3eff99
SSDEEP

3072:7873wynovR3O2MpAGJJ9V+nFTBfZteNtA:7mgxR3OdiGJHV+nFTBxEN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1308 wrote to memory of 1356	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 1356	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 1356	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 1356	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 1356	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 1356	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 1356	1308	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2056-139-0x0000000000AD0000-0x0000000000AF2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1308

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2056-139-0x0000000000AD0000-0x0000000000AF2000-memory.dll,#1
2⤵
PID:1356

memory/1356-54-0x0000000000000000-mapping.dmp

Download
memory/1356-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download