973a796d303982c392361327d61938a798bbcc7d18d1eeeefd9660003f953194

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14-09-2022 14:43

Target

948-57-0x0000000000240000-0x0000000000262000-memory.dll
Size

136KB
MD5

0dedd08d538d624130a566b306481bf1
SHA1

cce955f6212aac9f9a3ae774014bdb31156d98fc
SHA256

973a796d303982c392361327d61938a798bbcc7d18d1eeeefd9660003f953194
SHA512

d7a73b3020302c32089d5efcf625ae785089c4924436ee2d6d37f650e139f3aff3f54a3fb38ad7298b60ef1e1b7b0cf2e004df95dba4151a9c29a5ceda4faea1
SSDEEP

3072:anv39P5nOs6KddJHOQAjJaQLdoTBfJkIaFAi:YN5nOjKddJuljJ9LdoTBh7Il

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-57-0x0000000000240000-0x0000000000262000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-57-0x0000000000240000-0x0000000000262000-memory.dll,#1
2⤵
PID:788

memory/788-54-0x0000000000000000-mapping.dmp

Download
memory/788-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download