f3c8f51cc72a89b490b1ad9c1977c9ff75df55b9af5bc48bb24d2f02a19f9126

Analysis

max time kernel
26s
max time network
29s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
23-06-2023 00:22

Target

1208-135-0x0000000010000000-0x0000000010024000-memory.dll
Size

144KB
MD5

7c13a176aea67a81ffbb5b087ba67a91
SHA1

fcc77f82ec2be834d4444c97863f3cebfbfe723b
SHA256

f3c8f51cc72a89b490b1ad9c1977c9ff75df55b9af5bc48bb24d2f02a19f9126
SHA512

108acc6fa79d581211365d7fea416b120168f4c89558445feaeffdefd5dce504bfc50ecaf142be2d2fa5c52b3805febf039917dbf82513df800f66c252e0c6ff
SSDEEP

3072:VnPYcZtZHhf+pE90L6+j5zZCb+dJAC8nJxmefAcTBfwFy1bWeMhM:5Vh2pE90L6mzZCSdCdnJsefAcTBIFwCK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1640 wrote to memory of 1876	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 1876	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 1876	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 1876	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 1876	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 1876	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 1876	1640	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1208-135-0x0000000010000000-0x0000000010024000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1640

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1208-135-0x0000000010000000-0x0000000010024000-memory.dll,#1
2⤵
PID:1876