aab1084308e666bdc5a58d6afc13647dc5ae095b75d6b2de7c001f63ae3343f3

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 22:34

Target

2092-651-0x00000000035F0000-0x0000000003721000-memory.dll
Size

1.2MB
MD5

5c89574111e5b7bfe208e8e7939e4490
SHA1

0b4c17a90175de196c73462ce9cab9a72a7db628
SHA256

aab1084308e666bdc5a58d6afc13647dc5ae095b75d6b2de7c001f63ae3343f3
SHA512

a4ef605c551295aad8fb04ed99cfcb13de1f0058059541a9a5a4f41ff707f157e4df53584bfae3fbc4c62a26b4f4ea62a7344c24ed9b6df0a4c4e31951ae4650
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAe1ftxmbfYQJZKwISt:7I99DEWVtQAeZmn0w3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 3052	2040	rundll32.exe	16
PID 2040 wrote to memory of 3052	2040	rundll32.exe	16
PID 2040 wrote to memory of 3052	2040	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2092-651-0x00000000035F0000-0x0000000003721000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2040 -s 56
  2⤵
  PID:3052