eabb59c1e875b3b4b87c2f649654640ada5df84eed38f15a57b3a00cf08d65ae

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:01

Target

2276-298-0x0000000003170000-0x00000000032A1000-memory.dll
Size

1.2MB
MD5

53413dd66e9207737c2107fb9b101dda
SHA1

fd8ec7e05f7fa73c52e64e553e32f95ab7a09af9
SHA256

eabb59c1e875b3b4b87c2f649654640ada5df84eed38f15a57b3a00cf08d65ae
SHA512

7516734bff790989eac50fa03c1f9e138f300feddaf72ff15c97564c76bb210503d384bc3c628bbe663e1831f485af8119732883126a9c5cd5d8f5179611e09a
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA21ftxmbfYQJZK0q9:7I99DEWVtQA2Zmn0D

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2676	2120	rundll32.exe	28
PID 2120 wrote to memory of 2676	2120	rundll32.exe	28
PID 2120 wrote to memory of 2676	2120	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2276-298-0x0000000003170000-0x00000000032A1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2120 -s 56
  2⤵
  PID:2676