509888aee1f5f6a7a22ab2f35a21e420ea6ce2f80154673cab3c06b28e8504cc

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02/10/2023, 22:44

Target

4968-662-0x0000000003780000-0x00000000038B1000-memory.dll
Size

1.2MB
MD5

4ce9edda6f8390ab7cfeb3745edf323c
SHA1

8282b41ab603073323498219dfb339b58b9d499c
SHA256

509888aee1f5f6a7a22ab2f35a21e420ea6ce2f80154673cab3c06b28e8504cc
SHA512

41b8312e9ab4cf81466951703bee0fced8179dcca1c7347a9ff8487fc964940c75655a7ab868c9bf78bd3187e2f5c3fcfc85084bd14602d80205ef0c5d67170a
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA31ftxmbfYQJZKDzp:7I99DEWVtQA3Zmn0n

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2420	2484	rundll32.exe	28
PID 2484 wrote to memory of 2420	2484	rundll32.exe	28
PID 2484 wrote to memory of 2420	2484	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4968-662-0x0000000003780000-0x00000000038B1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2484 -s 56
  2⤵
  PID:2420