fce39205ff82ec839593455dae5072a7dcaff6f64ee53b3a41777861e57fde39

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30/09/2023, 18:42

Target

2096-343-0x00000000035B0000-0x00000000036E1000-memory.dll
Size

1.2MB
MD5

13808fddb49855c0b201d23c093ad8e6
SHA1

176d6dd47eee830194d31adfed17da631add99d2
SHA256

fce39205ff82ec839593455dae5072a7dcaff6f64ee53b3a41777861e57fde39
SHA512

4483b78cf01435e3ed7eb05f43725de794a874a03c898ec73cb2d823241df4ed0ff1652f9a6e4a4eda7ddc8fe4457ece73d13b4dea98a73c319cd8c78a59da48
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAq1ftxmbfYQJZKImD:7I99DEWVtQAqZmn0b

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 1232	1188	rundll32.exe	28
PID 1188 wrote to memory of 1232	1188	rundll32.exe	28
PID 1188 wrote to memory of 1232	1188	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2096-343-0x00000000035B0000-0x00000000036E1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1188 -s 56
  2⤵
  PID:1232