7f972efa3c8fc3b1ad0fefb05e975545ce96562ef4ef44509ab55154f1208cac

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14-09-2022 12:32

Target

904-57-0x0000000000180000-0x00000000001A2000-memory.dll
Size

136KB
MD5

a1bd173c7a5e61543ab4ce0e29394f31
SHA1

c66bf9683250212853e48b73f523c68817cf31a0
SHA256

7f972efa3c8fc3b1ad0fefb05e975545ce96562ef4ef44509ab55154f1208cac
SHA512

c1f64190f9982804be658c7b9198b92d2b647a004c8fda76350405ceb947d53ecaa4356b267fc0a45cfeafacd412c301dd0bdd2ad820586f846d33ef67e7eb13
SSDEEP

3072:wWQjdPaBKjZAOcA/sJ8IDVvRTBfpCeJ5:XQJCgjZ55kJ7DRRTBBZJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1684 wrote to memory of 368	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 368	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 368	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 368	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 368	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 368	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 368	1684	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\904-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\904-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
2⤵
PID:368

memory/368-54-0x0000000000000000-mapping.dmp

Download
memory/368-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download