2304b624eaf6e8bd6b61e10cdc3aadda1e5c7e3cd7a656dae7342c435072427a

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 05:32

Target

1072-389-0x00000000035E0000-0x0000000003711000-memory.dll
Size

1.2MB
MD5

c60d067770147a11d90a6ad30e7a9ece
SHA1

3b58db6cef329ce7cd0eb26ae9f854660c808e8f
SHA256

2304b624eaf6e8bd6b61e10cdc3aadda1e5c7e3cd7a656dae7342c435072427a
SHA512

32d3cedd25af68e25a9104d21aa4c4c35229b5f5d3e8585373b41934815a384a75c1f7dfa0a186e6b5de950ed77b564ff906ef7ebfffe9bf32a40330eee33de9
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAZ1ftxmbfYQJZKyBQ:7I99DEWVtQAZZmn0y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2240	1928	rundll32.exe	28
PID 1928 wrote to memory of 2240	1928	rundll32.exe	28
PID 1928 wrote to memory of 2240	1928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1072-389-0x00000000035E0000-0x0000000003711000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1928 -s 56
  2⤵
  PID:2240