d5325a072bd29b0cafd127e36f14873de5667902e1db9c35ed18e838b65df882

Analysis

max time kernel
117s
max time network
143s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:28

Target

1556-361-0x0000000003570000-0x00000000036A1000-memory.dll
Size

1.2MB
MD5

7a5f8f31188af4cba94d140a8d54b389
SHA1

ddc86469790ad25ed800715510f702c8231dbd23
SHA256

d5325a072bd29b0cafd127e36f14873de5667902e1db9c35ed18e838b65df882
SHA512

15db71fa1c2bddb167767afb64de9884cc8c72fb5ba4a23dc11bfc4e01da66d0cec85e4b93c5cdd1ec6ca15f70914a05c7ed600abce3047f3f57d029f67b88c8
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA21ftxmbfYQJZKeqM:7I99DEWVtQA2Zmn0l

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1964	1996	rundll32.exe	28
PID 1996 wrote to memory of 1964	1996	rundll32.exe	28
PID 1996 wrote to memory of 1964	1996	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1556-361-0x0000000003570000-0x00000000036A1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1996 -s 56
  2⤵
  PID:1964