745855de030383ed6bde8546fc7aae4754dbe671b72afc8b9f9578d07a005619

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 13:16

Target

220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9_dump.dll
Size

403KB
MD5

503eafcc0a91ba3ffeb5fa181c93a011
SHA1

010a01a6249804b23ff511298a6161ec47a1390b
SHA256

745855de030383ed6bde8546fc7aae4754dbe671b72afc8b9f9578d07a005619
SHA512

4f986408efa996b2b99ea71cd24600cac1380480ca15b3589208efeb02e683ae7c0e0c1103e94e1d508448b3ffcc10a34e638309a8e883b9127797683fe228ae
SSDEEP

6144:TLD2SO9wTMZ8Aj3BcAVETHK1Kq2PUZVqhb81289V4gdl++z9:TLD2sA3WrVUZVd1rV93z9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1200 wrote to memory of 1696	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1696	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1696	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1696	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1696	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1696	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1696	1200	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9_dump.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9_dump.dll,#1
  2⤵
  PID:1696

memory/1696-0-0x0000000076C20000-0x0000000076CE1000-memory.dmp

Filesize
772KB

Download