84f8ab4a6cbd74f7078a76f0964c91f886849038f32551c2359ac4b0e5762cd2

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
01/10/2023, 07:22

Target

2316-323-0x00000000035D0000-0x0000000003701000-memory.dll
Size

1.2MB
MD5

94cae2518e790c4b8a76b2442224fbff
SHA1

4ec9d8212a72e977dd40dcd745fe9f01f28766f2
SHA256

84f8ab4a6cbd74f7078a76f0964c91f886849038f32551c2359ac4b0e5762cd2
SHA512

b25ad77851471f66a2d188ee882bfeea9c0fcc5687fed654fe33cc3fd3c433949702b0646227c76ec037fcea11ba8c02961eea80d76a3fb181015c1a2b1864d9
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAw1ftxmbfYQJZK2I/:7I99DEWVtQAwZmn0f

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1724	2208	rundll32.exe	28
PID 2208 wrote to memory of 1724	2208	rundll32.exe	28
PID 2208 wrote to memory of 1724	2208	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2316-323-0x00000000035D0000-0x0000000003701000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2208 -s 56
  2⤵
  PID:1724