aa171cd3a44cd88b0331d010c83262923d6d63e0cd4cb0aaeac62f9d7c98fbea

Analysis

max time kernel
121s
max time network
145s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:29

Target

716-150-0x0000000002EF0000-0x0000000003021000-memory.dll
Size

1.2MB
MD5

24346c013319f9468c89b486f6e12848
SHA1

b6aa5e8b01bab9fabd126d49cd4fe86154dec47a
SHA256

aa171cd3a44cd88b0331d010c83262923d6d63e0cd4cb0aaeac62f9d7c98fbea
SHA512

86f0b897358474ae1d797d0f88145e28d522006ac84cbc2f7796d41141a860f53dc4002f4ca7bc748913dfac518bafbd988d35b2791895aa8bf1e8480764dbf6
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAu1ftxmbfYQJZK3l1:7I99DEWVtQAuZmn0V

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2772	2760	rundll32.exe	29
PID 2760 wrote to memory of 2772	2760	rundll32.exe	29
PID 2760 wrote to memory of 2772	2760	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\716-150-0x0000000002EF0000-0x0000000003021000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2760 -s 56
  2⤵
  PID:2772