96d044b6ff2f378264a6fdbcb1d2109196f36fc6bb170f8f50ea480ef404757d

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:36

Target

288-1270-0x00000000031B0000-0x00000000032E1000-memory.dll
Size

1.2MB
MD5

73f037b5c8257312403a6810fab47b46
SHA1

3337875228910ee54ff636f1fdc876b3e469fd08
SHA256

96d044b6ff2f378264a6fdbcb1d2109196f36fc6bb170f8f50ea480ef404757d
SHA512

bb9f3396cd852fdf1c00abda6b250cd30011d122dab90e8f9b75530fbd5722e644baf96bb68b97a5de3372dc9eb8a665e9eb76cfe523184c144c9b2629c47ba6
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAq1ftxmbfYQJZKUmR:7I99DEWVtQAqZmn0H

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2224	2220	rundll32.exe	28
PID 2220 wrote to memory of 2224	2220	rundll32.exe	28
PID 2220 wrote to memory of 2224	2220	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\288-1270-0x00000000031B0000-0x00000000032E1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2220 -s 56
  2⤵
  PID:2224