0062085d8b1427a4312513f47ab50bcd453e1eac98279e0c765de27da76a0857

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 21:32

Target

4776-332-0x0000000003670000-0x00000000037A1000-memory.dll
Size

1.2MB
MD5

c174cd771cd9bf573cfacfb87009a9f7
SHA1

24b4319dcc68d2566e78fc7fe95b6cc0a4b0ab72
SHA256

0062085d8b1427a4312513f47ab50bcd453e1eac98279e0c765de27da76a0857
SHA512

50654edaea58e9347d7d7d7fa69bd9e39694b117a7f1703d0fac04728ec6e4d64826e915f44bf96574241ec69f7aac44e4b41273049f9778fe20d7aa090bb9d1
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAG1ftxmbfYQJZKlBIn:7I99DEWVtQAGZmn04

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2076	2080	rundll32.exe	17
PID 2080 wrote to memory of 2076	2080	rundll32.exe	17
PID 2080 wrote to memory of 2076	2080	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4776-332-0x0000000003670000-0x00000000037A1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2080 -s 56
  2⤵
  PID:2076