b076cb7ea8c7c38c5345022dd6cdf7bf35a505d9a8408226509a4bb71067e205

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 21:36

Target

2516-702-0x0000000002DC0000-0x0000000002EF1000-memory.dll
Size

1.2MB
MD5

83590cb28d52ff7a73caa61447a69612
SHA1

8750d886837f807378032c0614d5055edfc95d76
SHA256

b076cb7ea8c7c38c5345022dd6cdf7bf35a505d9a8408226509a4bb71067e205
SHA512

7b41b4aaf1f2002642c8bd649c358eb46de22f8714ebe9237cea887efe3e5415b445c5c287ce3ee072789f678c6cec57a07a254b6806be3f6275de1c67effe73
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAu1ftxmbfYQJZKQg+:7I99DEWVtQAuZmn0h

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 2200	748	rundll32.exe	28
PID 748 wrote to memory of 2200	748	rundll32.exe	28
PID 748 wrote to memory of 2200	748	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2516-702-0x0000000002DC0000-0x0000000002EF1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 748 -s 56
  2⤵
  PID:2200