d7828ef8690949d656c83390d3a76addf7daf3db45ab071dbd5e5e8a48887622

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04-03-2024 12:01

Target

620-133-0x0000000001520000-0x0000000001544000-memory.dll
Size

144KB
MD5

d5b439628238a3a13de21193fdbebb5b
SHA1

b55fcdb67dc299bc920f4f2a4623a002f0f12d46
SHA256

d7828ef8690949d656c83390d3a76addf7daf3db45ab071dbd5e5e8a48887622
SHA512

d0ff0868fc197b2c6554baef702c54db586e2eedbbbab1798d5d8078f408a1a9ff596f7f7cbed693f37c8cc519518076e59f066208f113b09544e02f07110723
SSDEEP

3072:MzwUtG96KAmroClmAyJA9VQATBfPqZzho:EtwLAIouDyJGVQATBHql

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2368 wrote to memory of 1204	2368	rundll32.exe	28
PID 2368 wrote to memory of 1204	2368	rundll32.exe	28
PID 2368 wrote to memory of 1204	2368	rundll32.exe	28
PID 2368 wrote to memory of 1204	2368	rundll32.exe	28
PID 2368 wrote to memory of 1204	2368	rundll32.exe	28
PID 2368 wrote to memory of 1204	2368	rundll32.exe	28
PID 2368 wrote to memory of 1204	2368	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\620-133-0x0000000001520000-0x0000000001544000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\620-133-0x0000000001520000-0x0000000001544000-memory.dll,#1
  2⤵
  PID:1204