3ca8a049a19043d610d10e3ee5c6e2657dfe3889d3fcc90dfa2fee52bca70ffe

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 17:34

Target

768-54-0x0000000010000000-0x000000001001C000-memory.dll
Size

112KB
MD5

565f360aca19c2a9ff038eb15386ec40
SHA1

260a206f9e195ea34861945612dac9717ac25301
SHA256

3ca8a049a19043d610d10e3ee5c6e2657dfe3889d3fcc90dfa2fee52bca70ffe
SHA512

e69011e5027f201311e552dfee27bee39493cddd7f88acab1d2aebedda749d3ff1b641b8cd9f188239505c8a0795171d8ee5c7be4c8e6e0c7163a94305842e9d
SSDEEP

1536:q/53CYUR1wmJkoSA53IXn85c5I9yHT0eRddORHFnToIf2ryZuhPZ6m8gz:qIIC25afeDdYHtTBf2rPZ6m8+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\768-54-0x0000000010000000-0x000000001001C000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\768-54-0x0000000010000000-0x000000001001C000-memory.dll,#1
  2⤵
  PID:2348