d5ca30e40c057df4e0fab1e5a214598a80c13011aa82b6d6a71fb4c660255075

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30/09/2023, 05:00

Target

4572-336-0x0000000003470000-0x00000000035A1000-memory.dll
Size

1.2MB
MD5

e5ba22477ee0e26a0366a4aaecb0e592
SHA1

689227311a15b9cfb7bdbbce9b035ffba5c7cdd6
SHA256

d5ca30e40c057df4e0fab1e5a214598a80c13011aa82b6d6a71fb4c660255075
SHA512

4028884c2b44d2299461e32d3b9c0979326e706d31c8dd2f784eeb29c8e4ab85600fada66d14c382f79778462d4d149bd75943455ad2b1d589bb2f1f5d105e2f
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAm1ftxmbfYQJZK665:7I99DEWVtQAmZmn0Z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2188	2332	rundll32.exe	28
PID 2332 wrote to memory of 2188	2332	rundll32.exe	28
PID 2332 wrote to memory of 2188	2332	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4572-336-0x0000000003470000-0x00000000035A1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2332 -s 56
  2⤵
  PID:2188