46a1cf19aff111db0bce8206d56e2cf23c8faf9c547440c18ecec9dd5aef61ef

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
09/10/2023, 19:52

Target

1316-430-0x00000000033B0000-0x00000000034E1000-memory.dll
Size

1.2MB
MD5

b5cb922b7957183235fa05428049d158
SHA1

6d4cf6904b4eb6ca3b3cf1a3e244c110d20316f4
SHA256

46a1cf19aff111db0bce8206d56e2cf23c8faf9c547440c18ecec9dd5aef61ef
SHA512

4dbacd1fb7d4faccab60d4a92f5facc97d9595b76f98b90acde827e23ca7f241402682f57257c5fbdb7b7716c1fc12b92a8dbc4b66ac510bc3d71bf91360eefa
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAK1ftxmbfYQJZKnGo:7I99DEWVtQAKZmn0G

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2148	2928	rundll32.exe	28
PID 2928 wrote to memory of 2148	2928	rundll32.exe	28
PID 2928 wrote to memory of 2148	2928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1316-430-0x00000000033B0000-0x00000000034E1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2928 -s 56
  2⤵
  PID:2148