1347ba1bca8a62397a91cf71b9f640b817772e8f2ce3a7d0ae88136ee774c904

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09-12-2022 10:27

Target

1252-56-0x0000000010000000-0x0000000010B6B000-memory.dll
Size

11.4MB
MD5

edf9f0111a501bebb57abfc0830ad0c9
SHA1

12ac68f512ef17c6737da7306c91d13b9ec5636a
SHA256

1347ba1bca8a62397a91cf71b9f640b817772e8f2ce3a7d0ae88136ee774c904
SHA512

61adce14bc496288aca15487dd674fa1cf3030d33e92d167d6723020bc01cbdf0be9d3222084fc2d3504a2af5f4d0d828e93398cad159f5b624540e6d3e2eb9b
SSDEEP

196608:XGGb+HxmVUtsQrcAnh7VrVMf3ksPqmzcl+LG314Hujb7KgkYCbGNBmHTE:XG++RPwQ7BMfUON+2HBb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1336 wrote to memory of 1176	1336	rundll32.exe	rundll32.exe
PID 1336 wrote to memory of 1176	1336	rundll32.exe	rundll32.exe
PID 1336 wrote to memory of 1176	1336	rundll32.exe	rundll32.exe
PID 1336 wrote to memory of 1176	1336	rundll32.exe	rundll32.exe
PID 1336 wrote to memory of 1176	1336	rundll32.exe	rundll32.exe
PID 1336 wrote to memory of 1176	1336	rundll32.exe	rundll32.exe
PID 1336 wrote to memory of 1176	1336	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1252-56-0x0000000010000000-0x0000000010B6B000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1336

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1252-56-0x0000000010000000-0x0000000010B6B000-memory.dll,#1
2⤵
PID:1176

memory/1176-54-0x0000000000000000-mapping.dmp

Download
memory/1176-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download