833bc98a86ee52ca2db509cc3477627bb2b5003993437858e2d55a0b96f9049b

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:37

Target

4440-651-0x0000000002F00000-0x0000000003031000-memory.dll
Size

1.2MB
MD5

23173e1d7de85e7cf635b7dedba92b5a
SHA1

c4fe93e4e2c985b75d5e4da9a72338173050d026
SHA256

833bc98a86ee52ca2db509cc3477627bb2b5003993437858e2d55a0b96f9049b
SHA512

6d8a0302750434493d286de1d5770d80a04cac845251bd2e007d712532cb0d4b9b5ebe4fa53ef404f8fbfa210312de3cdaf6dc4ea8fe1b47348db775e46efa20
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAP1ftxmbfYQJZKRzv0:7I99DEWVtQAPZmn0V

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 3052	1956	rundll32.exe	17
PID 1956 wrote to memory of 3052	1956	rundll32.exe	17
PID 1956 wrote to memory of 3052	1956	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4440-651-0x0000000002F00000-0x0000000003031000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1956 -s 56
  2⤵
  PID:3052