490f10a349e8ebb124da0e3859cad5555bfd6cf351504feac64f2b2f133eeffa

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20-04-2023 06:56

Target

2000-54-0x0000000000910000-0x0000000000A6C000-memory.dll
Size

1.4MB
MD5

7af99303fa89f4284ec69d0d99b1ae89
SHA1

c53f0a9ac7d0aec353547ffea7f4da15f9d664c6
SHA256

490f10a349e8ebb124da0e3859cad5555bfd6cf351504feac64f2b2f133eeffa
SHA512

9e6cf23fea9ab18321b03182ac3daeddf1197566efffcd01cfffe5cbee0ef05b5fa8b9a8a7c63372fae6140babe6cccc245a8fcae50cf2d4815e94a757e58622
SSDEEP

3072:1WtCpm1pdODVkDZEnlb4fDiWc8hoKYQiS0YzHpxgGTvIw:16cZnlb4fD28fiS0YzYGTQw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 820 wrote to memory of 1244	820	rundll32.exe	28
PID 820 wrote to memory of 1244	820	rundll32.exe	28
PID 820 wrote to memory of 1244	820	rundll32.exe	28
PID 820 wrote to memory of 1244	820	rundll32.exe	28
PID 820 wrote to memory of 1244	820	rundll32.exe	28
PID 820 wrote to memory of 1244	820	rundll32.exe	28
PID 820 wrote to memory of 1244	820	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2000-54-0x0000000000910000-0x0000000000A6C000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2000-54-0x0000000000910000-0x0000000000A6C000-memory.dll,#1
  2⤵
  PID:1244