b4db6df34965fd13c865aafdff521d2fa98947d0157defe1356f037ffa3e9815

Analysis

max time kernel
118s
max time network
141s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 23:21

Target

344-710-0x0000000003690000-0x00000000037C1000-memory.dll
Size

1.2MB
MD5

6c4d18cc1b2774b67d14f3c1eab5dd7d
SHA1

fe1b6bb5be8a083a59f995e3fefdce2d226c417c
SHA256

b4db6df34965fd13c865aafdff521d2fa98947d0157defe1356f037ffa3e9815
SHA512

16630eaeb3ed2a5532360922da5c6f29fd660caacb95d71c55fd3fe965b24138f65cbe03b694802830b69d9d4eb6389d901741328d54aaa1e9841bb5e41316b7
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA81ftxmbfYQJZK5cm:7I99DEWVtQA8Zmn06

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2040	2184	rundll32.exe	27
PID 2184 wrote to memory of 2040	2184	rundll32.exe	27
PID 2184 wrote to memory of 2040	2184	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\344-710-0x0000000003690000-0x00000000037C1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2184 -s 56
  2⤵
  PID:2040