e77235aa49e949cb4ed2132d199ab5ce440335f8a9f9e56ecc8ef50e70ce8f77

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30-09-2023 17:36

Target

4056-403-0x0000000002ED0000-0x0000000003001000-memory.dll
Size

1.2MB
MD5

582dd05d9e59b04df3d560564e8b43f2
SHA1

4fce94ad3c3de84d7b187b910cb927341c89e939
SHA256

e77235aa49e949cb4ed2132d199ab5ce440335f8a9f9e56ecc8ef50e70ce8f77
SHA512

b65f4ffcf4e01e0a0737dd00bec607e8ebc8a2b8c8998d6f3e494ebeb9cb07d7319abcdf953dd8a2634b67c4bdfd2cbb48b0744d4cf17024ac3b97b03fb85c9a
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA91ftxmbfYQJZKJDS:7I99DEWVtQA9Zmn0Z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2448	2436	rundll32.exe	28
PID 2436 wrote to memory of 2448	2436	rundll32.exe	28
PID 2436 wrote to memory of 2448	2436	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4056-403-0x0000000002ED0000-0x0000000003001000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2436 -s 56
  2⤵
  PID:2448