3b49d0793af0356c5fac9688a4ff3e15e8fd04537236ad48e9d75227a08b9768

Analysis

max time kernel
227s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
09-12-2022 10:11

Target

1900-142-0x0000000010000000-0x0000000010B6B000-memory.dll
Size

2.1MB
MD5

20d3611f21cee0d135b9c51db871a2bd
SHA1

469f0b2604612c69fc16b8efd6b24dd14037062c
SHA256

3b49d0793af0356c5fac9688a4ff3e15e8fd04537236ad48e9d75227a08b9768
SHA512

2a00ea73d34b6e707ea3453ed7b5841f23d985f39fe53d5a1b709d50205bfde3bb5ac76a6feff369e8fe6f2dc1ab68d722c5afb44f2e8b33cb91081bb39c0716
SSDEEP

49152:hF60mvOjpWKI5lEpYTqETr7Rd/tLyJe6OoY3lHt0UwIY:hF60mvGboLqGd/Be9OoY3MUwp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 580 wrote to memory of 1868	580	rundll32.exe	rundll32.exe
PID 580 wrote to memory of 1868	580	rundll32.exe	rundll32.exe
PID 580 wrote to memory of 1868	580	rundll32.exe	rundll32.exe
PID 580 wrote to memory of 1868	580	rundll32.exe	rundll32.exe
PID 580 wrote to memory of 1868	580	rundll32.exe	rundll32.exe
PID 580 wrote to memory of 1868	580	rundll32.exe	rundll32.exe
PID 580 wrote to memory of 1868	580	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900-142-0x0000000010000000-0x0000000010B6B000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:580

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900-142-0x0000000010000000-0x0000000010B6B000-memory.dll,#1
2⤵
PID:1868

memory/1868-54-0x0000000000000000-mapping.dmp

Download
memory/1868-55-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download