ab3e13c1e507e4f5f5fd6ae2b401b71cb04ce51893b3f0673a08c8b719618ac2

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14-09-2022 12:33

Target

1188-57-0x00000000001C0000-0x00000000001E2000-memory.dll
Size

136KB
MD5

b04332066f402ae5cf346323f16d58f4
SHA1

9a76f1be665bdd1375444e466274f0ade8e35a61
SHA256

ab3e13c1e507e4f5f5fd6ae2b401b71cb04ce51893b3f0673a08c8b719618ac2
SHA512

c351e7ed95aa97f2ef202fec7a3725913a30abf270c40a7ea4a14c99fc9d09de9f09a7d1f4be54f6bf19d2fb4f6bfb482f5478b32afbc9e43d87b5799a899ee9
SSDEEP

1536:k6aE1pQ6Z4UC5OGna2VgG1D8ABoBAbjEJ9iMm06BHIOZnToIfpV8egrzMf:k6adbnacj1D8eIAEJIMrYpxTBfpee5f

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1884 wrote to memory of 1168	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 1168	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 1168	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 1168	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 1168	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 1168	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 1168	1884	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1188-57-0x00000000001C0000-0x00000000001E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1884

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1188-57-0x00000000001C0000-0x00000000001E2000-memory.dll,#1
2⤵
PID:1168

memory/1168-54-0x0000000000000000-mapping.dmp

Download
memory/1168-55-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download