74c8d1e6a13ce450a783ebfc0a5c326fd9c3dc38aa8c3c81ae8d5a0d30df3e2a

Analysis

max time kernel
30s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26-04-2023 11:25

Target

1376-54-0x0000000010000000-0x0000000010015000-memory.dll
Size

84KB
MD5

ae9212b9676494d2b0c5d130f3563c17
SHA1

8a11f7c7962bdad4650f4f213c8686468b2a7a5b
SHA256

74c8d1e6a13ce450a783ebfc0a5c326fd9c3dc38aa8c3c81ae8d5a0d30df3e2a
SHA512

81bfc1a489ca4e092d8a8ec93a0fee1c3b7fe3c514ed2d67783d6cfdcbf3b1d88054a1f7d2f233de1d3b10a330bb358ac6bbf29b181265fa51cc025c3fbb2875
SSDEEP

1536:iTsenhY8kwtuwL7hSm1RhoIOdnToIfAUfegGHE:SsEY8mwnhStVTBfAUfeHE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 1496	912	rundll32.exe	26
PID 912 wrote to memory of 1496	912	rundll32.exe	26
PID 912 wrote to memory of 1496	912	rundll32.exe	26
PID 912 wrote to memory of 1496	912	rundll32.exe	26
PID 912 wrote to memory of 1496	912	rundll32.exe	26
PID 912 wrote to memory of 1496	912	rundll32.exe	26
PID 912 wrote to memory of 1496	912	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1376-54-0x0000000010000000-0x0000000010015000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1376-54-0x0000000010000000-0x0000000010015000-memory.dll,#1
  2⤵
  PID:1496