198828ec5c03ed4335959cc93b16e34cb7a0a8e7ba329d4de6e81a714b684064

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07/10/2023, 04:04

Target

2100-81-0x00000000033F0000-0x0000000003521000-memory.dll
Size

1.2MB
MD5

284c192e526e82420bcf81e3940bba02
SHA1

4c28c6c6f94bf335f308b28b7a9c8aef28f25a72
SHA256

198828ec5c03ed4335959cc93b16e34cb7a0a8e7ba329d4de6e81a714b684064
SHA512

129a61f0f89e31e6f36d32cd12b2f8d0616211575b4ea9321c4e7c022d931fef640e6de22050b7c5de55e833854a0fd49376939b4dc6b3964f444c967c0bda80
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA+1ftxmbfYQJZKiZRy4:7I99DEWVtQA+Zmn0iZ0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2084	1932	rundll32.exe	28
PID 1932 wrote to memory of 2084	1932	rundll32.exe	28
PID 1932 wrote to memory of 2084	1932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2100-81-0x00000000033F0000-0x0000000003521000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1932 -s 56
  2⤵
  PID:2084