d3272005f8ce7b773e6312fd51c6da3714a1040114c47256be0fc3d28506605b

Analysis

max time kernel
122s
max time network
145s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 23:19

Target

4904-357-0x00000000034E0000-0x0000000003611000-memory.dll
Size

1.2MB
MD5

c271040fdf20773ca2d4af3aaf2e3a5a
SHA1

e86aea054e05fceb7b595d225ee7171eb5cd183a
SHA256

d3272005f8ce7b773e6312fd51c6da3714a1040114c47256be0fc3d28506605b
SHA512

45665eeca28833644ee6f0f7da6d610d60b5bf8e10b11a312bd1aba1a2d33014281776cb96c2c6ee8e59c67707d0771f86fa3c101be502172f1278349ae2ad88
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAJ1ftxmbfYQJZKERl:7I99DEWVtQAJZmn0Q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2324	1448	rundll32.exe	28
PID 1448 wrote to memory of 2324	1448	rundll32.exe	28
PID 1448 wrote to memory of 2324	1448	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4904-357-0x00000000034E0000-0x0000000003611000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1448 -s 56
  2⤵
  PID:2324