0744976d568ac5d565964d6936b2f304900046bca1d2559c961ee924f399154b

Analysis

max time kernel
119s
max time network
139s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 04:54

Target

4412-267-0x0000000002C60000-0x0000000002D91000-memory.dll
Size

1.2MB
MD5

d9d94009c7bc89aed86cabb708d980ba
SHA1

ac7a55b252c24d2ebc009833ef3b0aca689dc717
SHA256

0744976d568ac5d565964d6936b2f304900046bca1d2559c961ee924f399154b
SHA512

94066a2aa938d572221a62b7772d8a016e0bb619f96bc448e3c25e9881c8b745337edd5289c7b78d5758481b1ced5f63cb573549a9db12d6d4673c955ca87332
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA01ftxmbfYQJZK0K4:7I99DEWVtQA0Zmn0v

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2788	1544	rundll32.exe	27
PID 1544 wrote to memory of 2788	1544	rundll32.exe	27
PID 1544 wrote to memory of 2788	1544	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4412-267-0x0000000002C60000-0x0000000002D91000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1544 -s 56
  2⤵
  PID:2788