342fbfdd7e4170b0b2fcc08ca9986a135c577162295aec86f157dfb48d01f0a5

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02-10-2023 23:18

Target

1672-970-0x0000000003690000-0x00000000037C1000-memory.dll
Size

1.2MB
MD5

26cf86ec1ad21d243f3767d24436e61d
SHA1

27933edffc9c337808ecc870bc7f85934eec5a89
SHA256

342fbfdd7e4170b0b2fcc08ca9986a135c577162295aec86f157dfb48d01f0a5
SHA512

c86e7c74df4aea91d062b9daab40709123c193eec12bd754e021e6190029a44b112426146318b0308419a5adeccc817539968e36d6275957532a8e8f302a2c81
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA81ftxmbfYQJZKYcI:7I99DEWVtQA8Zmn0Z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1724	2208	rundll32.exe	28
PID 2208 wrote to memory of 1724	2208	rundll32.exe	28
PID 2208 wrote to memory of 1724	2208	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1672-970-0x0000000003690000-0x00000000037C1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2208 -s 56
  2⤵
  PID:1724