3f1c8adbd059874897bb65e4c4c9c702ea8cb7df2bc09ad487f7fbb11ea89146

Analysis

max time kernel
42s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-01-2023 14:21

Target

1724-57-0x0000000000180000-0x00000000001A2000-memory.dll
Size

136KB
MD5

11cba8a4bd8c6def554aeba821c7809e
SHA1

ef22e515036bccf6b7f2d04532504d734fc77105
SHA256

3f1c8adbd059874897bb65e4c4c9c702ea8cb7df2bc09ad487f7fbb11ea89146
SHA512

8a31e547a0d74842aa27e4b7b210f6a4cd6aeb20dddeef87c0a5f91f4e9aebb39181af3c57c2b5494d7df4b2abd8f41fce44a1600f4cb442ff731b45176d85ca
SSDEEP

1536:wWQQ1B+ZqZk4CpCTcaqiKAeZAwRkBA/r/FyJFmIyQAIO5nToIfppEegrzU7:wWQjdPaBKjZAOcA/sJ8ID2RTBfpCeJ7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 340 wrote to memory of 1732	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 1732	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 1732	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 1732	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 1732	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 1732	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 1732	340	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1724-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:340

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1724-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
2⤵
PID:1732

memory/1732-54-0x0000000000000000-mapping.dmp

Download
memory/1732-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download