1452facb5685f0ca10b0bc954fef88d7739e2fb7773c5b7701c47f6f82cebed2

Analysis

max time kernel
27s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09-12-2022 09:58

Target

1508-144-0x0000000010000000-0x0000000010B6B000-memory.dll
Size

2.1MB
MD5

1edd2baa17d5688319496fa455af4e7f
SHA1

4f2f131c4986b402e80f4bc0666c6c80fdab6da6
SHA256

1452facb5685f0ca10b0bc954fef88d7739e2fb7773c5b7701c47f6f82cebed2
SHA512

6b29aa4b98852375f41ff26561ee2239ec3ce7d3e5de8b30c6404e3e27e5ebd17cd5995ba4dcf48e389b2d2d7b12223b0b3af65f7792c95b754901339fcea1a6
SSDEEP

49152:mUSomvOjpWKzTOEpYMIR6Td3+odh4f/6lobWlHtiUw+ZM:mUSomvGbfjIA+or+ClobWKUwCM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 668 wrote to memory of 1836	668	rundll32.exe	rundll32.exe
PID 668 wrote to memory of 1836	668	rundll32.exe	rundll32.exe
PID 668 wrote to memory of 1836	668	rundll32.exe	rundll32.exe
PID 668 wrote to memory of 1836	668	rundll32.exe	rundll32.exe
PID 668 wrote to memory of 1836	668	rundll32.exe	rundll32.exe
PID 668 wrote to memory of 1836	668	rundll32.exe	rundll32.exe
PID 668 wrote to memory of 1836	668	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1508-144-0x0000000010000000-0x0000000010B6B000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1508-144-0x0000000010000000-0x0000000010B6B000-memory.dll,#1
2⤵
PID:1836

memory/1836-54-0x0000000000000000-mapping.dmp

Download
memory/1836-55-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download