2f7bd714ae7488db7ceba3ab4d56bd5902a08cd25684aa5a0aa45891a2d5870d

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17-10-2022 12:21

Target

304-57-0x0000000010000000-0x00000000100FE000-memory.dll
Size

1016KB
MD5

c7594476b332307d1e56faa58b92e85d
SHA1

6e07b210e2630ec2bd8a0b6d145302713531d41f
SHA256

2f7bd714ae7488db7ceba3ab4d56bd5902a08cd25684aa5a0aa45891a2d5870d
SHA512

39ad3ce858a7eb1f4c88917a8002fa9d59ee4e2f206d681c3daa35be1b7a4b6a08814c72e41190c4ddd27e07293ad44305ad15f5591fa0215116dbedf9bedb14
SSDEEP

3072:TZC17cmKI3EH67NHwMUPyvcBw7qw59H2ZqJPP/uKIxTBfyYuiujZbbRG:qaa5HwByFqY9HHJGKIxTBqVjZbVG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\304-57-0x0000000010000000-0x00000000100FE000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\304-57-0x0000000010000000-0x00000000100FE000-memory.dll,#1
2⤵
PID:540

memory/540-54-0x0000000000000000-mapping.dmp

Download
memory/540-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download