ede0eefc0303a3ba7e89ce083fb405ab6fbbf8e07aa3198d797d053970008374

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
20/09/2023, 16:25

Target

4444-416-0x00000000031A0000-0x00000000032D1000-memory.dll
Size

1.2MB
MD5

bd93fc0edff2f56090303c6c93e3d576
SHA1

b64914954287c8715ed83d8e60effb6f820c62ec
SHA256

ede0eefc0303a3ba7e89ce083fb405ab6fbbf8e07aa3198d797d053970008374
SHA512

6873fffddd474f9610bcceeb538a069c21c967ef520e49f49975be2f5cd86758c284277490e080ff25600e921c86a0f4c87fbd6315dd6366fa74fb2a2c708ab2
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAF1ftxmbfYQJZKHtS:7I99DEWVtQAFZmn0N

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2260	2080	rundll32.exe	28
PID 2080 wrote to memory of 2260	2080	rundll32.exe	28
PID 2080 wrote to memory of 2260	2080	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4444-416-0x00000000031A0000-0x00000000032D1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2080 -s 56
  2⤵
  PID:2260