3d3afa3144bdfd3880bfaa9c52f9179a96de01b43c6888a7c485036009868f15

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 15:42

Target

1312-55-0x00000000003C0000-0x00000000003E4000-memory.dll
Size

144KB
MD5

830821e5588a0bc67ca850720d1c977c
SHA1

c33c7a76b9cbe550be0171548a479a791646d683
SHA256

3d3afa3144bdfd3880bfaa9c52f9179a96de01b43c6888a7c485036009868f15
SHA512

6697639b254bbf145cca7ead980c82d47f379c55c374776dd937cfae636792b6d3b32aad3d023abf31c1705540aff77c125c13d4363bf3ec0ebe584b3e340cde
SSDEEP

3072:BkrG2QtyJ9eEW3hFCr0AsJJmv520TBfPgy:BGzeEgh4rhsJsvs0TBnL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2924 wrote to memory of 2872	2924	rundll32.exe	28
PID 2924 wrote to memory of 2872	2924	rundll32.exe	28
PID 2924 wrote to memory of 2872	2924	rundll32.exe	28
PID 2924 wrote to memory of 2872	2924	rundll32.exe	28
PID 2924 wrote to memory of 2872	2924	rundll32.exe	28
PID 2924 wrote to memory of 2872	2924	rundll32.exe	28
PID 2924 wrote to memory of 2872	2924	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1312-55-0x00000000003C0000-0x00000000003E4000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1312-55-0x00000000003C0000-0x00000000003E4000-memory.dll,#1
  2⤵
  PID:2872