f54f5a728666d97132f2a61672b13e21b65df2181ae6eae4468d78677ad8b01b

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:01

Target

1064-1310-0x00000000036C0000-0x00000000037F1000-memory.dll
Size

1.2MB
MD5

9324a81735f7936c18739b1f08ecd9bc
SHA1

dfeffd0af116a6634a8f67d47c2a406c18c24b5f
SHA256

f54f5a728666d97132f2a61672b13e21b65df2181ae6eae4468d78677ad8b01b
SHA512

c12a0c622a09acc9446299e3893272a55de635dc63e9963dfe2079483b5699a6f29eb41939ee316ca903543d7f68432616f3d6d8db472e10d4d50752df4aec31
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA71ftxmbfYQJZKBXp:7I99DEWVtQA7Zmn05

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2196	1704	rundll32.exe	28
PID 1704 wrote to memory of 2196	1704	rundll32.exe	28
PID 1704 wrote to memory of 2196	1704	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1064-1310-0x00000000036C0000-0x00000000037F1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1704 -s 56
  2⤵
  PID:2196