2b502724d53c92efe2a7d2eee581c76546e26a400190b76042c66ccb6dabd3b7

Analysis

max time kernel
119s
max time network
140s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 06:20

Target

2856-522-0x00000000035B0000-0x00000000036E1000-memory.dll
Size

1.2MB
MD5

3e2f224068513287fbf262784b5911d9
SHA1

99ec984acf9debeef4d7c6f9094c45b79d8d2862
SHA256

2b502724d53c92efe2a7d2eee581c76546e26a400190b76042c66ccb6dabd3b7
SHA512

da0142a35eecf1d9f3ab15864df0d69c08d1304aae42f3b67182824eaf0b32271c5dcacd11c3c0fc8ea196b7cf1e4e01fe6f3eef54662bf3825e856feeb28ba1
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAq1ftxmbfYQJZKFme:7I99DEWVtQAqZmn0s

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2440	2480	rundll32.exe	28
PID 2480 wrote to memory of 2440	2480	rundll32.exe	28
PID 2480 wrote to memory of 2440	2480	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2856-522-0x00000000035B0000-0x00000000036E1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2480 -s 56
  2⤵
  PID:2440