4a6cd0f938df65507bba806ea0817d58e835fbc65b6dd5c2409661cfde27b552

Analysis

max time kernel
43s
max time network
80s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/10/2022, 22:18

Target

916-98-0x00000000001F0000-0x0000000000219000-memory.dll
Size

164KB
MD5

e816ceb0e69e7b6033d1a8682c7bf187
SHA1

74fa6cddb06c7d704723d0aa51c6a77526890963
SHA256

4a6cd0f938df65507bba806ea0817d58e835fbc65b6dd5c2409661cfde27b552
SHA512

bb21de1985cec2685d0da0576147488f0020d8da6dcfde1b5c31e21f98533321ccee024d77a2a061b11cce99cebff1dbfcfe4ab388e60d7045c34b39796c0a7e
SSDEEP

3072:I6GUBFg7DotQOXABJtMtUvTBfd7ynUO/ya:eUBG7DopQBJWtUvTBV2n//

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\916-98-0x00000000001F0000-0x0000000000219000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\916-98-0x00000000001F0000-0x0000000000219000-memory.dll,#1
  2⤵
  PID:540

memory/540-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download