bffac5cab249ab84c12d13fb6ddf2d12f2f181b83fa2c6860da49c42bb537ba6

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/10/2023, 03:56

Target

384-622-0x0000000003AF0000-0x0000000003C21000-memory.dll
Size

1.2MB
MD5

3ea21a7df77dc771e5ef640215bc2a6d
SHA1

5d63bff019d96c4724763749e4e27f4ad75f88ef
SHA256

bffac5cab249ab84c12d13fb6ddf2d12f2f181b83fa2c6860da49c42bb537ba6
SHA512

e1b2feb6090e1ebf0948a49ba23ce1769359d71e5137013eb941fd08bb5aa6f56b58ae3c5d3948e8df69f1801b9412cb8f1a8d6506037551a3b20a9dc99b2187
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAu1ftxmbfYQJZK/Co:7I99DEWVtQAuZmn0a

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2988	2972	rundll32.exe	28
PID 2972 wrote to memory of 2988	2972	rundll32.exe	28
PID 2972 wrote to memory of 2988	2972	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\384-622-0x0000000003AF0000-0x0000000003C21000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2972 -s 56
  2⤵
  PID:2988