f53dc46cee16a83c9af73ef349e38a625d14c4f9763eef9f5b146e59847c34b6

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
14-09-2022 14:47

Target

948-59-0x0000000000230000-0x00000000002B0000-memory.dll
Size

512KB
MD5

f9865f02f41b45d9669b5f0c944d13ef
SHA1

052e8922e3ea922d21bf1aa969fd9201d4e4bf2a
SHA256

f53dc46cee16a83c9af73ef349e38a625d14c4f9763eef9f5b146e59847c34b6
SHA512

904aee9531e7c1e0d6a881738bb0f03cacc1dfdfc956668b59a3cd9514f61f1180a8b63472b363d1e6b0cfb1800df7089bdd434eac0159ee42c281d658796d51
SSDEEP

12288:0RlddJulJ9doT/e1J9doT/eARlddJulJ9doT/eZ:0RlJkWT/IWT/jRlJkWT/8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1204 wrote to memory of 1196	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1196	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1196	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1196	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1196	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1196	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1196	1204	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-59-0x0000000000230000-0x00000000002B0000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-59-0x0000000000230000-0x00000000002B0000-memory.dll,#1
2⤵
PID:1196

memory/1196-54-0x0000000000000000-mapping.dmp

Download
memory/1196-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download