bf3d66bc251a6a886b3ba3202965cc0077313690c015c0478ac0d0f9085e4953

Analysis

max time kernel
122s
max time network
147s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 21:39

Target

2500-434-0x0000000003620000-0x0000000003751000-memory.dll
Size

1.2MB
MD5

382f067f29b41637e1bff093aa6d237e
SHA1

ce1133442ace40f023e23edd897d45a718b37b89
SHA256

bf3d66bc251a6a886b3ba3202965cc0077313690c015c0478ac0d0f9085e4953
SHA512

ceb6b41c71b6c4a50bdea7b42f919568d1f96a3a8324b6697686d5d4ae12d9b4b515d5ab680a5399f5a058c1c3e428ae687faa87f76df8bd1271d955914845a0
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAt1ftxmbfYQJZKxFB:7I99DEWVtQAtZmn0j

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2360	2356	rundll32.exe	28
PID 2356 wrote to memory of 2360	2356	rundll32.exe	28
PID 2356 wrote to memory of 2360	2356	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2500-434-0x0000000003620000-0x0000000003751000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2356 -s 56
  2⤵
  PID:2360