8b28c1435ba73ae861b9181496ed8d4818231181f39e2d449ee16e00252ba492

Analysis

max time kernel
63s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 04:37

Target

1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll
Size

6.4MB
MD5

8443edeb5f6c8d850271bcbecce07268
SHA1

59ddee885fe26cdf2a861b0fb2f311fdcdd5ebbc
SHA256

8b28c1435ba73ae861b9181496ed8d4818231181f39e2d449ee16e00252ba492
SHA512

29c504070f8c476567fefc165bb40c9acad116ba6c354f5b71c5250358e48a7ce5fb85217f6303ff2d9f893077c8cee68abe1da0ef1416f7aa3a2a5c1feb794e
SSDEEP

98304:7fxUmSHqb9IyyJFQ4Ql67EUWbSuakEs7H7AY8vjVSPe:7fSmSUaQbVakJ/j8N

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2008 wrote to memory of 1444	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1444	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1444	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1444	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1444	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1444	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1444	2008	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll,#1
2⤵
PID:1444

memory/1444-54-0x0000000000000000-mapping.dmp

Download
memory/1444-55-0x00000000761E1000-0x00000000761E3000-memory.dmp

Filesize
8KB

Download