516b3fcac693a22459e17df2d9b64235aebb86f7489d8d4d6af20e1a67a96bbf

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:33

Target

4996-687-0x00000000030D0000-0x0000000003201000-memory.dll
Size

1.2MB
MD5

aeedc6920f3c4cca8ab8e3f6df82b575
SHA1

cdbccb5d3f10c75c6463fb99ee172c1cb4139d53
SHA256

516b3fcac693a22459e17df2d9b64235aebb86f7489d8d4d6af20e1a67a96bbf
SHA512

741abca8b134d99723d0be23e616f5d9c2c2f5c7a8f7d874e625c4b84b73f1d12787a858c38782947c866d84c3473c81c5e768d4c7c43e25cfac8d9fda870625
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAg1ftxmbfYQJZKLV4u:7I99DEWVtQAgZmn0Li

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2060	2044	rundll32.exe	28
PID 2044 wrote to memory of 2060	2044	rundll32.exe	28
PID 2044 wrote to memory of 2060	2044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4996-687-0x00000000030D0000-0x0000000003201000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2044 -s 56
  2⤵
  PID:2060