277e4898b067862d17af2beec784fa24b9b4924e4fd0796139ad04d0e8ab6b69

Analysis

max time kernel
124s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 06:29

Target

1156-1031-0x0000000003300000-0x0000000003431000-memory.dll
Size

1.2MB
MD5

bac80f4dfee9749389d352fa6f743c77
SHA1

23ac51f750cd3ca5c0e909d0c107255a3eaa5489
SHA256

277e4898b067862d17af2beec784fa24b9b4924e4fd0796139ad04d0e8ab6b69
SHA512

a3d3649fbf072fef8fe70a24c1b7fec3a66ebcc598c58196391da0cb7ed6a68c4e957acf0e1de6f10b1337233ccacfd355d3d039b53c7e24ffa8833833e48a85
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAP1ftxmbfYQJZKs7W:7I99DEWVtQAPZmn0S

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 3004	2408	rundll32.exe	27
PID 2408 wrote to memory of 3004	2408	rundll32.exe	27
PID 2408 wrote to memory of 3004	2408	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1156-1031-0x0000000003300000-0x0000000003431000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2408 -s 56
  2⤵
  PID:3004