28e082dfa6351c9a26fdea0b8978ab67e2a6f72488dfe3537f0b3e004b8d0772

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15-09-2022 13:10

Target

1168-57-0x0000000000190000-0x00000000001B2000-memory.dll
Size

136KB
MD5

8feba93e211ab79d768e2e5f4d1ef6c2
SHA1

0178a58b28dd99eaedc04fa6cd9150382b5a83df
SHA256

28e082dfa6351c9a26fdea0b8978ab67e2a6f72488dfe3537f0b3e004b8d0772
SHA512

b071269531c8a0eafef0019937dbdef94b19e58efe0acb3d70432f248b628910d5705268262cef901dee7905fd2659a5106d464c7f2baf265fef054692028aaf
SSDEEP

3072:bHQgaOi+EfiOBcnFAshJt5lHdTBfZbel7:jQddfiln2+JvlHdTBxKl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1368 wrote to memory of 980	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 980	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 980	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 980	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 980	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 980	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 980	1368	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1168-57-0x0000000000190000-0x00000000001B2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1168-57-0x0000000000190000-0x00000000001B2000-memory.dll,#1
2⤵
PID:980

memory/980-54-0x0000000000000000-mapping.dmp

Download
memory/980-55-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download