ab0ab7c15d9a468a784a7ccad07dab3b9cd850f818c4ade8837b29f7fb24ea76

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/10/2023, 22:05

Target

2340-392-0x0000000003190000-0x00000000032C1000-memory.dll
Size

1.2MB
MD5

ef0a2d67b26e3afa71d8ddeaffd95f7a
SHA1

09b5a43d726061481fb8b943219364d3f6be3a34
SHA256

ab0ab7c15d9a468a784a7ccad07dab3b9cd850f818c4ade8837b29f7fb24ea76
SHA512

b1218b2d69f858a6fc8e44afa977b6f5c805aa94630d3b778e9d2abc1409790220d285dababce8b07317c0bfbc0ce75d2b4baea65a3e81fc65c68cf58a03d5ad
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAs1ftxmbfYQJZKwsv:7I99DEWVtQAsZmn0h

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2324	1508	rundll32.exe	28
PID 1508 wrote to memory of 2324	1508	rundll32.exe	28
PID 1508 wrote to memory of 2324	1508	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2340-392-0x0000000003190000-0x00000000032C1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1508 -s 56
  2⤵
  PID:2324