f4d7e91665915d53fb53706384f808328b382cd73b280fc1cfe5bd06e29ae68d

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
01-10-2023 03:31

Target

760-351-0x0000000002B80000-0x0000000002CB1000-memory.dll
Size

1.2MB
MD5

179138e51a2d2beebe0137252c787832
SHA1

193cd70d5f66f6827889bf39c3cd18ae1cd1b3ca
SHA256

f4d7e91665915d53fb53706384f808328b382cd73b280fc1cfe5bd06e29ae68d
SHA512

5593b3842135e915b4a83764f714a6a036cbb80600ad92d04152e2adf1a59873504f5ccf48ab53ba84e1455912a1be1e91dd82fb193a3e7b27023e3b453929b0
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAq1ftxmbfYQJZKxCNv:7I99DEWVtQAqZmn0+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2296	1952	rundll32.exe	28
PID 1952 wrote to memory of 2296	1952	rundll32.exe	28
PID 1952 wrote to memory of 2296	1952	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\760-351-0x0000000002B80000-0x0000000002CB1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1952 -s 56
  2⤵
  PID:2296