d297c16a53077e7398af92604d344f82ff7570feb78ee5c728ca1958d5bbcd74

Analysis

max time kernel
119s
max time network
144s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 06:07

Target

368-988-0x00000000035E0000-0x0000000003711000-memory.dll
Size

1.2MB
MD5

1b8b0b8193e92dd675e8579fa53d1795
SHA1

5c711ce390fab8b546455067a9c5471d9d8d1c51
SHA256

d297c16a53077e7398af92604d344f82ff7570feb78ee5c728ca1958d5bbcd74
SHA512

627ac7c30bce6b6ce1343a4bc4063d30eaad4d514610defc5231014ceef2c88ad4cdd8dd85575148d4f1d6937c4d0dd0a0af55cfef6276dfd232afd0b6e1d588
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAZ1ftxmbfYQJZKpBs:7I99DEWVtQAZZmn0n

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 1548	2260	rundll32.exe	28
PID 2260 wrote to memory of 1548	2260	rundll32.exe	28
PID 2260 wrote to memory of 1548	2260	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\368-988-0x00000000035E0000-0x0000000003711000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2260 -s 56
  2⤵
  PID:1548