361ffa5a8953c8f36d61116c4903cb08ca3d0a65ea314a3d5d43f3ad82c38b70

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 22:43

Target

1792-404-0x0000000003830000-0x0000000003961000-memory.dll
Size

1.2MB
MD5

786d7d571dd133f5a234cc6741e71181
SHA1

db3b7a36439981684b1584da9a5eafed8eaa6163
SHA256

361ffa5a8953c8f36d61116c4903cb08ca3d0a65ea314a3d5d43f3ad82c38b70
SHA512

635b860975aced6b127820a18aba1c7c4b26233140c5e74145163499c82435f0c9b66fa4bd95c1fba747e8cc3651ca8577999ba9d98b4d9874b8a3c5e9bd163f
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAy1ftxmbfYQJZKyuz:7I99DEWVtQAyZmn0F

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2672	2976	rundll32.exe	28
PID 2976 wrote to memory of 2672	2976	rundll32.exe	28
PID 2976 wrote to memory of 2672	2976	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1792-404-0x0000000003830000-0x0000000003961000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2976 -s 56
  2⤵
  PID:2672