2c6d4402a251f34f1439b31519704e3d5c8d23fcff76ef9efea0c4a4875e299e

Analysis

max time kernel
117s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:34

Target

2856-1265-0x0000000003690000-0x00000000037C1000-memory.dll
Size

1.2MB
MD5

ff51fb266aae889fe1624a7abb2de934
SHA1

a5663fcf62460e9b5babf8826e49fd9b5ee9dc15
SHA256

2c6d4402a251f34f1439b31519704e3d5c8d23fcff76ef9efea0c4a4875e299e
SHA512

b010114843d705a0d64035895528ab6c396d5831989a3c61e8b3e86e54de000d7287b254d73c2500bd096b603a45632c33dde8355ed341f1eccb9f53ff6f2689
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA81ftxmbfYQJZKvc6:7I99DEWVtQA8Zmn0k

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2148	3016	rundll32.exe	27
PID 3016 wrote to memory of 2148	3016	rundll32.exe	27
PID 3016 wrote to memory of 2148	3016	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2856-1265-0x0000000003690000-0x00000000037C1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3016 -s 56
  2⤵
  PID:2148