1b4193409f97394db766eaeb33397bb879409f03cab7e54dc1f9a09c28697a31

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-03-2024 07:13

Target

1416-58-0x00000000001F0000-0x00000000001FE000-memory.dll
Size

56KB
MD5

4f81b31addb341c6a35d3b01b2025e8a
SHA1

14742e07ca600dfd009a15f5ec7884cd0ffa6a36
SHA256

1b4193409f97394db766eaeb33397bb879409f03cab7e54dc1f9a09c28697a31
SHA512

c501ae7936922ac0646046bd27c2a46858f9b9e592c7c45b88f6f0678961434748634f9a6e91251bd82a6b583f5eb74bf6916729a495bc18c8a22ebb4b213bfd
SSDEEP

768:A2R1W1xm3L4xvRy5NGQgGoKItuFe666yuwyF8sj1YsFVOZd43HmIt6J:PMbm3L4f2oKItuLn3kfsLs9/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2836 wrote to memory of 2964	2836	rundll32.exe	rundll32.exe
PID 2836 wrote to memory of 2964	2836	rundll32.exe	rundll32.exe
PID 2836 wrote to memory of 2964	2836	rundll32.exe	rundll32.exe
PID 2836 wrote to memory of 2964	2836	rundll32.exe	rundll32.exe
PID 2836 wrote to memory of 2964	2836	rundll32.exe	rundll32.exe
PID 2836 wrote to memory of 2964	2836	rundll32.exe	rundll32.exe
PID 2836 wrote to memory of 2964	2836	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-58-0x00000000001F0000-0x00000000001FE000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2836

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-58-0x00000000001F0000-0x00000000001FE000-memory.dll,#1
2⤵
PID:2964