e0c569fdb90f01b3215e1be2fbebdd6a06c89a6ac2fc7a15f2bc27adebcd9b65

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-01-2023 19:22

Target

1228-56-0x0000000000200000-0x0000000000222000-memory.dll
Size

136KB
MD5

cfa9622b583d8bf988f6494c96f11649
SHA1

4502ad14add7fcc8322911958152d1dcf1bb6276
SHA256

e0c569fdb90f01b3215e1be2fbebdd6a06c89a6ac2fc7a15f2bc27adebcd9b65
SHA512

ad1a525a0ce19cc4f29c8b91abecf7e50e369f496f458fc258313a5d7cbac2b36d56fd91dce32a8d8fcbf9883926a56f2206bf1310f4b8b015ec56452ca552f6
SSDEEP

3072:dxrPkLQvtZSLf7vSjgR9l687/W3bLn2F4pVpSjb24cD:d9cQlyf7vSq9l42mnUjbE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1708 wrote to memory of 1448	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1448	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1448	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1448	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1448	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1448	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1448	1708	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1228-56-0x0000000000200000-0x0000000000222000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1228-56-0x0000000000200000-0x0000000000222000-memory.dll,#1
2⤵
PID:1448

memory/1448-54-0x0000000000000000-mapping.dmp

Download
memory/1448-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download