ea732dde359cf9c36aca24861d232f8702d2ef8619519bcc50a3939b19f1cfcb

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-10-2022 14:02

Target

1720-57-0x0000000000450000-0x0000000000479000-memory.dll
Size

164KB
MD5

3086b650859e6983cd1af0681d3df7d7
SHA1

512fb5e9f2ea72dec2448f9b687d45f439c245bf
SHA256

ea732dde359cf9c36aca24861d232f8702d2ef8619519bcc50a3939b19f1cfcb
SHA512

899ceb672e03fda9127eade1aedf16ebb92c975c485d39003a8d81a9970f0fe7cd80a0cb8fcaf4c57f59490be2bd1517994d9a1556aae3b72d641abec3e83e24
SSDEEP

3072:/rLt4lA1fWpcqhAdJXGFnLTBfJVy3AO/ya:DR421fWlKdJWFnLTBBU3j/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 900 wrote to memory of 780	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 780	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 780	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 780	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 780	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 780	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 780	900	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1720-57-0x0000000000450000-0x0000000000479000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1720-57-0x0000000000450000-0x0000000000479000-memory.dll,#1
2⤵
PID:780

memory/780-54-0x0000000000000000-mapping.dmp

Download
memory/780-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download