07d286c54d2410adf11823b928d423fd921987e86d980259fd4d625894ea9314

Analysis

max time kernel
119s
max time network
135s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:31

Target

5164-398-0x0000000003640000-0x0000000003771000-memory.dll
Size

1.2MB
MD5

39d3d53c15a3debf4226b360be797ff9
SHA1

0895137b534dcd2c014736195bccea6a7e9eb75b
SHA256

07d286c54d2410adf11823b928d423fd921987e86d980259fd4d625894ea9314
SHA512

1055cf3eb503d03bbe01ffe842648451c06078a5f2f70acc72dc71e9d441711293158e2f71df7f5dacc2b90f1202d31af9c51c1d654b13fe26a38ae30950249c
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAT1ftxmbfYQJZKFfo:7I99DEWVtQATZmn0F

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2788	1544	rundll32.exe	27
PID 1544 wrote to memory of 2788	1544	rundll32.exe	27
PID 1544 wrote to memory of 2788	1544	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5164-398-0x0000000003640000-0x0000000003771000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1544 -s 56
  2⤵
  PID:2788