ea80a4314d7928b062e6d3bc2fb29689174d0bf5f98cd141151fb3774d6bce36

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 05:39

Target

2360-387-0x00000000032B0000-0x00000000033E1000-memory.dll
Size

1.2MB
MD5

e455a3738ed5507dff5c754893c271c0
SHA1

f48ff445c5feab22091aec7b226afb4e975ca33d
SHA256

ea80a4314d7928b062e6d3bc2fb29689174d0bf5f98cd141151fb3774d6bce36
SHA512

3d40152205afc1a25d6fcfea1341d2d13de54554374d617354fddc2f90631302fc487694f3381dedf0573499523b2e19d80e59be23a6a4b43fd6dfabc6a3c6ba
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA61ftxmbfYQJZKJ2C:7I99DEWVtQA6Zmn0g

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2052	1920	rundll32.exe	28
PID 1920 wrote to memory of 2052	1920	rundll32.exe	28
PID 1920 wrote to memory of 2052	1920	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2360-387-0x00000000032B0000-0x00000000033E1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1920 -s 56
  2⤵
  PID:2052