af89c96fe21fc9d13a05e7c1fb400ed511dd18e6a956f36547ea87ef506e81e4

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 06:09

Target

1744-55-0x00000000001A0000-0x00000000001C4000-memory.dll
Size

144KB
MD5

2669cad0371eb6cbb30cf7f86d014860
SHA1

1e4bc3a83e6af10278c4acf2dd2d0840aad8c1df
SHA256

af89c96fe21fc9d13a05e7c1fb400ed511dd18e6a956f36547ea87ef506e81e4
SHA512

1d784d2e3eb5afb4cf2164d2df50e03b21c62548c0848e6b99382b57a0b11b943699cb1b2babedc3c3db6b576d87a7c5179351f392134aaa9d687a80347fcdf8
SSDEEP

3072:yna0+BXiKUAb+437jTAmLJ12/ekTBfPQWpnP:E+BShAq43vUaJY/ekTBH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 1048 wrote to memory of 2052	1048	rundll32.exe	28
PID 1048 wrote to memory of 2052	1048	rundll32.exe	28
PID 1048 wrote to memory of 2052	1048	rundll32.exe	28
PID 1048 wrote to memory of 2052	1048	rundll32.exe	28
PID 1048 wrote to memory of 2052	1048	rundll32.exe	28
PID 1048 wrote to memory of 2052	1048	rundll32.exe	28
PID 1048 wrote to memory of 2052	1048	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1744-55-0x00000000001A0000-0x00000000001C4000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1744-55-0x00000000001A0000-0x00000000001C4000-memory.dll,#1
  2⤵
  PID:2052