b900382754a6e7724056e5b68ee543f1ea143cc7a62378afeb9d476db5db9a0d

Analysis

max time kernel
119s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10-10-2023 21:12

Target

2700-537-0x00000000036C0000-0x00000000037F1000-memory.dll
Size

1.2MB
MD5

8b4de82e5276fb0972bb35207f101932
SHA1

8f7296de6f49aaadee6304b1182374f3d3534adc
SHA256

b900382754a6e7724056e5b68ee543f1ea143cc7a62378afeb9d476db5db9a0d
SHA512

096426951dac83874686085e21782c7d1354fd40ed403c02633ad9efd34aede39a39a0acfb5f19fb1e4b9785913e04b1ee2f7c9c3f545b5ea0506a75728edd73
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA71ftxmbfYQJZKtX0:7I99DEWVtQA7Zmn01

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2452	2240	rundll32.exe	27
PID 2240 wrote to memory of 2452	2240	rundll32.exe	27
PID 2240 wrote to memory of 2452	2240	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2700-537-0x00000000036C0000-0x00000000037F1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2240 -s 56
  2⤵
  PID:2452