821818e91d3203811e03830420c58065c6e2ef5d1b8f71f25bfb4be671540da5

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
07-02-2023 10:54

Target

940-56-0x0000000010000000-0x0000000010177000-memory.dll
Size

1.5MB
MD5

2d31293c421369b7161ad93a29d6c9ce
SHA1

380d757276880be16ad4927f90ace25bb3e56578
SHA256

821818e91d3203811e03830420c58065c6e2ef5d1b8f71f25bfb4be671540da5
SHA512

feaf4bad3a792cd18dcfa0328c0161e7f427a6f38d5646ea2feb368185b8c8b5c5ed4eb2887be292acf56dc35da199c90250c62e45ebc08e2be0e5f5b0479e16
SSDEEP

24576:CazXgPltxX913tS4Ka8yskqoSXMmBIvgHJOKiNFHyoovI/jto:CaDgdtn13nKFyMoS8mB4gHJOJFSVvIr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1508 wrote to memory of 1504	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1504	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1504	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1504	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1504	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1504	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1504	1508	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\940-56-0x0000000010000000-0x0000000010177000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1508

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\940-56-0x0000000010000000-0x0000000010177000-memory.dll,#1
2⤵
PID:1504

memory/1504-54-0x0000000000000000-mapping.dmp

Download
memory/1504-55-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/1504-56-0x0000000010000000-0x0000000010177000-memory.dmp

Filesize
1.5MB

Download