940993fa9bc3c92bf427da886e67d1dd5d42fb5dad7df1f9504be460edf14536

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/10/2023, 10:18

Target

2848-667-0x00000000031A0000-0x00000000032D1000-memory.dll
Size

1.2MB
MD5

5223d5104088de65dcaebfe7afec5d9f
SHA1

3a10e8ae4fcaaac6c7115bba4cf3e8ee605d4de7
SHA256

940993fa9bc3c92bf427da886e67d1dd5d42fb5dad7df1f9504be460edf14536
SHA512

452876cc6d3c36ae9ba53718a16e3cc17c7de09ce5c8ef0eb4d60519c3ba54c9edd0f12879d1331af2e866d025b0e1b97a2f3b088efc599d47545c64cc2c829d
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAF1ftxmbfYQJZKStq:7I99DEWVtQAFZmn0+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 1996	2828	rundll32.exe	28
PID 2828 wrote to memory of 1996	2828	rundll32.exe	28
PID 2828 wrote to memory of 1996	2828	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2848-667-0x00000000031A0000-0x00000000032D1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2828 -s 56
  2⤵
  PID:1996