7b08b5f42954093d6a2342171eb6dc8da6a9d7d3f1d546b4f7c7a3f5345d4aa6

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
13-09-2022 13:19

Target

1960-57-0x0000000000140000-0x0000000000162000-memory.dll
Size

136KB
MD5

e3a9620044e86095d38cb2eafb8cfdfb
SHA1

8d0f9d10fb7b863d0e999b4f8cc7d0469c835f20
SHA256

7b08b5f42954093d6a2342171eb6dc8da6a9d7d3f1d546b4f7c7a3f5345d4aa6
SHA512

02be5750419b4a7f2e8e9b1c5073b2d103c3f4907a7e92471118176b4bf1488d913bf75819620d8cfd9e12d8431eac368566989e41046f9721e9a0518f6d55bf
SSDEEP

1536:0Cf1pg43ZwsCJ28qerxgmtszKiSMQhABArbMJNq0ecieIOpnToIfp9cegrzsk:0CmTqETtsxOgAkJA0LVBTBfpWepk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1724 wrote to memory of 1128	1724	rundll32.exe	rundll32.exe
PID 1724 wrote to memory of 1128	1724	rundll32.exe	rundll32.exe
PID 1724 wrote to memory of 1128	1724	rundll32.exe	rundll32.exe
PID 1724 wrote to memory of 1128	1724	rundll32.exe	rundll32.exe
PID 1724 wrote to memory of 1128	1724	rundll32.exe	rundll32.exe
PID 1724 wrote to memory of 1128	1724	rundll32.exe	rundll32.exe
PID 1724 wrote to memory of 1128	1724	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1960-57-0x0000000000140000-0x0000000000162000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1960-57-0x0000000000140000-0x0000000000162000-memory.dll,#1
2⤵
PID:1128

memory/1128-54-0x0000000000000000-mapping.dmp

Download
memory/1128-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download