c7af605f313be3a2fb4f8723f06debea52d65634b5708539a02d68cb8d7a629c

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-03-2024 13:55

Target

2024-54-0x0000000000920000-0x0000000000943000-memory.dll
Size

140KB
MD5

04d328430969a98fc0f3c880549efc76
SHA1

7f2340ce7bc20bf91411f647aa89b4cf0038f000
SHA256

c7af605f313be3a2fb4f8723f06debea52d65634b5708539a02d68cb8d7a629c
SHA512

af59af56204210d936ac897c870b99bdc728ed0b0f37cf95d53e9b6320f164bb07ae7ca08afa4a6a6df2c88bcabc5325571a95fc10d740bf1bcb9cfac2a957bb
SSDEEP

3072:maUblT1tz2in4h7N4ww7ymYAmJhBv2MTBf/lrEns3m:ZUbJn4hx4wQ9mJTv2MTBXlqs3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2756 wrote to memory of 2804	2756	rundll32.exe	28
PID 2756 wrote to memory of 2804	2756	rundll32.exe	28
PID 2756 wrote to memory of 2804	2756	rundll32.exe	28
PID 2756 wrote to memory of 2804	2756	rundll32.exe	28
PID 2756 wrote to memory of 2804	2756	rundll32.exe	28
PID 2756 wrote to memory of 2804	2756	rundll32.exe	28
PID 2756 wrote to memory of 2804	2756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2024-54-0x0000000000920000-0x0000000000943000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2024-54-0x0000000000920000-0x0000000000943000-memory.dll,#1
  2⤵
  PID:2804