4e4e18908932f3355c81fdbd2ef89fa42669f4619a21d1141fa2898759233f64

Analysis

max time kernel
117s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 04:57

Target

1028-320-0x0000000002D20000-0x0000000002E51000-memory.dll
Size

1.2MB
MD5

51cac8eb1537bdeab39e1e0830dda7e1
SHA1

69de1c718c100394878325914d35491531fb023b
SHA256

4e4e18908932f3355c81fdbd2ef89fa42669f4619a21d1141fa2898759233f64
SHA512

dab0266b80980553b62673b5a3d9c3018e032fc5c74ee4c7b21b9f49cfec8d06c24b16a53052044ea1613e28425690d4ccc8a67ceaa4c155fc3e08dc36107ec1
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAg1ftxmbfYQJZKMYHt:7I99DEWVtQAgZmn0zH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2596	2468	rundll32.exe	28
PID 2468 wrote to memory of 2596	2468	rundll32.exe	28
PID 2468 wrote to memory of 2596	2468	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1028-320-0x0000000002D20000-0x0000000002E51000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2468 -s 56
  2⤵
  PID:2596