2a542e2e07bf7c776d64e29f2b3b6c3908ce3daedb219a2edba1f3f47298c90b

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 06:07

Target

2708-666-0x00000000030D0000-0x0000000003201000-memory.dll
Size

1.2MB
MD5

da843040be54864cdf12fcda01903f92
SHA1

781579114163be08c34e4a41bcca904238db6a21
SHA256

2a542e2e07bf7c776d64e29f2b3b6c3908ce3daedb219a2edba1f3f47298c90b
SHA512

32e22d29864adc039281d11fed62744eeeb3887690575f248d92d7bdf54bd1190496df10c2c5964bf92c9a53fb11670f38878d578a07278a3fb60e3c1be47f10
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAg1ftxmbfYQJZKAV4j:7I99DEWVtQAgZmn0Ai

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2856	2112	rundll32.exe	28
PID 2112 wrote to memory of 2856	2112	rundll32.exe	28
PID 2112 wrote to memory of 2856	2112	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2708-666-0x00000000030D0000-0x0000000003201000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2112 -s 56
  2⤵
  PID:2856