1d54ad3431b393c8135fe0bd664cd6cb4c42ecf5543a83c295d4d551529832c3

Analysis

max time kernel
118s
max time network
139s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:02

Target

2968-348-0x0000000002740000-0x0000000002871000-memory.dll
Size

1.2MB
MD5

a7349b26ce62bf7dbe212849203fdb88
SHA1

dfebb730f7f889fc386dd55f2e5b4ed2b6954f00
SHA256

1d54ad3431b393c8135fe0bd664cd6cb4c42ecf5543a83c295d4d551529832c3
SHA512

78ccbb6b46589f3ca5165e668c291056ad2a617f4c652819f5ff05f0020ed126480c0f45a7bad30b2b126c315d4f6d5b7d3053622344eec720e4e3d9dac5e368
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAG1ftxmbfYQJZKbI5:7I99DEWVtQAGZmn0c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 752	2480	rundll32.exe	27
PID 2480 wrote to memory of 752	2480	rundll32.exe	27
PID 2480 wrote to memory of 752	2480	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2968-348-0x0000000002740000-0x0000000002871000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2480 -s 56
  2⤵
  PID:752