3483a7d2eb0f10c3e62e780ac5b430736a9772b20308026b76dbbea24180023d

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:36

Target

5428-423-0x0000000003320000-0x0000000003451000-memory.dll
Size

1.2MB
MD5

1ba5ef1f2fd2f06285a392e231c72d60
SHA1

ab2d8d9e7f4115e47c07623a4eab7670e1e162ff
SHA256

3483a7d2eb0f10c3e62e780ac5b430736a9772b20308026b76dbbea24180023d
SHA512

0a1803a4e0cc525786c5a4c0da22a2dcbb88860bc06dd935d0e1e7fed78c497e7b3e52310ee0cb8e388a396460c54a17d8c85b4316579c8beba5b0d7847bcfcc
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA91ftxmbfYQJZKdUVT:7I99DEWVtQA9Zmn0dM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2208	2236	rundll32.exe	28
PID 2236 wrote to memory of 2208	2236	rundll32.exe	28
PID 2236 wrote to memory of 2208	2236	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5428-423-0x0000000003320000-0x0000000003451000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2236 -s 56
  2⤵
  PID:2208