76a9768dd0672782e37489fd83569c8607dc706da99886679367b38820a2bf1c

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
16-09-2022 13:03

Target

1916-57-0x00000000007D0000-0x00000000007F2000-memory.dll
Size

136KB
MD5

3e3594b84b61e8efa1663ef22e6233a4
SHA1

875abe53ce26d93de12263488b8b706ebe8e1f4f
SHA256

76a9768dd0672782e37489fd83569c8607dc706da99886679367b38820a2bf1c
SHA512

9c09d93ff641c095c55d9ae4add1ac9466f35f7eeb2c6176d7858767786a61812ef8bc4aeda8ca9ff411679d85d7ffe8737c9dfd8b7b2cfd7c703bdc36af7c43
SSDEEP

1536:mpUbsRa3mqrICJCOghbSn1NgJ+uc97OyBAgcTJ0n0FH9IOcnToIfZsH0ad7C1:m67Wo2/bSzQ+uy6qAfJi013wTBfZqQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1700 wrote to memory of 1124	1700	rundll32.exe	rundll32.exe
PID 1700 wrote to memory of 1124	1700	rundll32.exe	rundll32.exe
PID 1700 wrote to memory of 1124	1700	rundll32.exe	rundll32.exe
PID 1700 wrote to memory of 1124	1700	rundll32.exe	rundll32.exe
PID 1700 wrote to memory of 1124	1700	rundll32.exe	rundll32.exe
PID 1700 wrote to memory of 1124	1700	rundll32.exe	rundll32.exe
PID 1700 wrote to memory of 1124	1700	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1916-57-0x00000000007D0000-0x00000000007F2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1916-57-0x00000000007D0000-0x00000000007F2000-memory.dll,#1
  2⤵
  PID:1124

memory/1124-54-0x0000000000000000-mapping.dmp

Download
memory/1124-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download