a72acf3bb8a45ffc8c515222dfa2eab3390e7a4c5642af20d5138881603f41d6

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-01-2023 15:52

Target

836-57-0x0000000001C00000-0x0000000001C22000-memory.dll
Size

136KB
MD5

92a62943ad0c6e4ed34868e1506f76d5
SHA1

f9471a6c5532ab4376ce8f97648d0b2efba3242a
SHA256

a72acf3bb8a45ffc8c515222dfa2eab3390e7a4c5642af20d5138881603f41d6
SHA512

0404ef14cd24a2c512046adce55f4c9442f6197f44c8f42160c7f1ebf0e5becbff63c200b15e55d3f6d48311f77599f9e360188de768f359b71f343f65e5af73
SSDEEP

3072:aAPgRPiNeLQ8S+ApA6JVt1YBTBfZjexm:aWgHLLS1i6Jn1YBTBRSx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1664 wrote to memory of 1760	1664	rundll32.exe	rundll32.exe
PID 1664 wrote to memory of 1760	1664	rundll32.exe	rundll32.exe
PID 1664 wrote to memory of 1760	1664	rundll32.exe	rundll32.exe
PID 1664 wrote to memory of 1760	1664	rundll32.exe	rundll32.exe
PID 1664 wrote to memory of 1760	1664	rundll32.exe	rundll32.exe
PID 1664 wrote to memory of 1760	1664	rundll32.exe	rundll32.exe
PID 1664 wrote to memory of 1760	1664	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\836-57-0x0000000001C00000-0x0000000001C22000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\836-57-0x0000000001C00000-0x0000000001C22000-memory.dll,#1
2⤵
PID:1760

memory/1760-54-0x0000000000000000-mapping.dmp

Download
memory/1760-55-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download