5128e05613215486f17d1ff96d591911e7903368f1390d8ae522b70be9873842

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:22

Target

1544-471-0x00000000030B0000-0x00000000031E1000-memory.dll
Size

1.2MB
MD5

3ff52010d32a16f4d1e1fc66dc63ac47
SHA1

c1533649f66fff1ff9a34a3aef30ced5ae0e1769
SHA256

5128e05613215486f17d1ff96d591911e7903368f1390d8ae522b70be9873842
SHA512

4946f22e93bd99be338029c4ca4e7b1c6b80ba5e64a535297b4c4adedb2cf2ad22574b3526eca430d87746066eac521d6554a0fd5480cfbfa3eab60d6f2cb48a
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAa1ftxmbfYQJZKLCWj:7I99DEWVtQAaZmn0B

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2476	2268	rundll32.exe	28
PID 2268 wrote to memory of 2476	2268	rundll32.exe	28
PID 2268 wrote to memory of 2476	2268	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1544-471-0x00000000030B0000-0x00000000031E1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2268 -s 56
  2⤵
  PID:2476