5b9596ee3546639316fde052a54dea67ec8e21d1e6928ce6eb6ede4c20d98117

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
01/10/2023, 02:04

Target

1064-394-0x0000000003580000-0x00000000036B1000-memory.dll
Size

1.2MB
MD5

979dddef3ea8f34e3b52a6801db81e2e
SHA1

4198cadab679e2c7c5ef4f1a4bda9decf4829321
SHA256

5b9596ee3546639316fde052a54dea67ec8e21d1e6928ce6eb6ede4c20d98117
SHA512

9aa0692ab13d41c94c40961a9c166c8b95afc69924d4f6928361d20250085b09cdafc1a88521c9d7661f1a977e1546dbd82eac6a7f8630dfd7a72ee2be0f6b65
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAX1ftxmbfYQJZKLTG:7I99DEWVtQAXZmn0P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2588	2996	rundll32.exe	28
PID 2996 wrote to memory of 2588	2996	rundll32.exe	28
PID 2996 wrote to memory of 2588	2996	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1064-394-0x0000000003580000-0x00000000036B1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2996 -s 56
  2⤵
  PID:2588