6e613cedeedb9e7909c83a1ae90305a3a8bd838b3651903f614da4b762012872

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:34

Target

1760-1133-0x0000000003600000-0x0000000003731000-memory.dll
Size

1.2MB
MD5

eff7f4f6c2b4bbcb284d1e15f4c15718
SHA1

e113381680f1f9e9082c64cdaab685a251940f26
SHA256

6e613cedeedb9e7909c83a1ae90305a3a8bd838b3651903f614da4b762012872
SHA512

7632aa6405a9f014c3ef33f3a959a351721fdecadb633a74e776f23c88136a71ed0d22e07b50daead8d17cdfc1621bba39242b59ae05a8ff0b5ff30b9e4ddab1
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA/1ftxmbfYQJZKBre:7I99DEWVtQA/Zmn0N

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 1972	1696	rundll32.exe	28
PID 1696 wrote to memory of 1972	1696	rundll32.exe	28
PID 1696 wrote to memory of 1972	1696	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1760-1133-0x0000000003600000-0x0000000003731000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1696 -s 56
  2⤵
  PID:1972