2a14729cc8bb343fa55dcd48a0fe4629b4d83e471c6953bd2ebb34a1cc2626e0

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/10/2023, 19:12

Target

2960-372-0x00000000022A0000-0x00000000023D1000-memory.dll
Size

1.2MB
MD5

850cd83e3df2bb1c3a905d593b4c4eff
SHA1

a44e1a88dc202547c84b66d3d347aa8b7654bf46
SHA256

2a14729cc8bb343fa55dcd48a0fe4629b4d83e471c6953bd2ebb34a1cc2626e0
SHA512

f4178d2317a0b8e352bda99caff4ff9af7988058ee9ee7ea40e9b6dcd9cac34037b6ff4b9bb30c9583cff05712e34220d91c571df0ecd5c7adc1c4fbb0fae3e6
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAY1ftxmbfYQJZKCp+4:7I99DEWVtQAYZmn0h

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1944	2268	rundll32.exe	28
PID 2268 wrote to memory of 1944	2268	rundll32.exe	28
PID 2268 wrote to memory of 1944	2268	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2960-372-0x00000000022A0000-0x00000000023D1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2268 -s 56
  2⤵
  PID:1944