9cdb8dcc15ca3714a9bf53d8d316bca66643f75e4f40ca15895c7136fe7bdc0e

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-03-2024 19:29

Target

2004-54-0x0000000010000000-0x0000000010023000-memory.dll
Size

140KB
MD5

4f51dae1c6181e10574b27171d5efdd5
SHA1

59538604a6ea80773da78d50f2b0fad9eef3a98f
SHA256

9cdb8dcc15ca3714a9bf53d8d316bca66643f75e4f40ca15895c7136fe7bdc0e
SHA512

a38dbc12bc4e3658477bcc3658befc297f1ae744998d5b273d5cf382771fe7af084e478c28ad4b4d11f691c711fe1281875aae3f360b516f2297efa27b04196f
SSDEEP

3072:MjPR4nxKRttVbYKAk67CERzMRAPJyDnoMTBfPuq:MHRxbYK0CEMaPJynoMTBHN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2236 wrote to memory of 2232	2236	rundll32.exe	28
PID 2236 wrote to memory of 2232	2236	rundll32.exe	28
PID 2236 wrote to memory of 2232	2236	rundll32.exe	28
PID 2236 wrote to memory of 2232	2236	rundll32.exe	28
PID 2236 wrote to memory of 2232	2236	rundll32.exe	28
PID 2236 wrote to memory of 2232	2236	rundll32.exe	28
PID 2236 wrote to memory of 2232	2236	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-54-0x0000000010000000-0x0000000010023000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-54-0x0000000010000000-0x0000000010023000-memory.dll,#1
  2⤵
  PID:2232