7e6823ef3fd61c585a8a0dbc300ae497c446c40488c334cf11b665ab1276b902

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12-09-2022 16:01

Target

2028-57-0x0000000000190000-0x00000000001B2000-memory.dll
Size

136KB
MD5

fa2767faff861611df0feee8332f4d99
SHA1

51499e5a47f5d2394c2da1e743a1f69f4b5a85d0
SHA256

7e6823ef3fd61c585a8a0dbc300ae497c446c40488c334cf11b665ab1276b902
SHA512

2a9ff61d8b9ff62871284be983e76f3d0499b9a1dab72ce0899d3d1ba30b6ce42ef6e79603fd7b842910e0c9aa92e0623a7c2e981f9b01bcea5f66775cc283e1
SSDEEP

3072:MIB2eaBXiqqAiKB8C+AdlJuYlZMYTBfZCg2:j2/yfAiK9LvJhlZMYTBxCg2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1576 wrote to memory of 584	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 584	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 584	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 584	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 584	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 584	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 584	1576	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2028-57-0x0000000000190000-0x00000000001B2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2028-57-0x0000000000190000-0x00000000001B2000-memory.dll,#1
  2⤵
  PID:584

memory/584-54-0x0000000000000000-mapping.dmp

Download
memory/584-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download