4a7c1074c0b02e852b2ce6a2fe4f28d04d01da3ce8cf0e3938174d9f6447af57

Analysis

max time kernel
26s
max time network
30s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
23-06-2023 04:59

Target

456-133-0x0000000010000000-0x0000000010024000-memory.dll
Size

144KB
MD5

29bd5934750cf7751515d88f1438b70d
SHA1

3241ae1fac769d79063df4bed9973dfd1227533d
SHA256

4a7c1074c0b02e852b2ce6a2fe4f28d04d01da3ce8cf0e3938174d9f6447af57
SHA512

3083f11ef9607aaf699d3c56326a6a7563c0eb8516c52f6336686695d7e4b9e84767f481596d655c7a540ba0ede2a45040421f684e53ec94a048d0add2458440
SSDEEP

3072:VnPYcZtZHhf+pE90L6+j5zZCb+dJAC8nJxmefVcTBfwFy1bWeMhM:5Vh2pE90L6mzZCSdCdnJsefVcTBIFwCK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1992 wrote to memory of 2012	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2012	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2012	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2012	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2012	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2012	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2012	1992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\456-133-0x0000000010000000-0x0000000010024000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\456-133-0x0000000010000000-0x0000000010024000-memory.dll,#1
2⤵
PID:2012