9dbb249abd56ee26e6ec6af11fe052697094fd7209dfd60a3b8984499463ed6a

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 06:52

Target

680-388-0x00000000031F0000-0x0000000003321000-memory.dll
Size

1.2MB
MD5

0c4c4779d4e97f7374ca395f443eeaac
SHA1

e4c2df62941d7f5e76922f9e621bd2b0f1da794f
SHA256

9dbb249abd56ee26e6ec6af11fe052697094fd7209dfd60a3b8984499463ed6a
SHA512

37e088ba5ce6772631dee9cbdce471642950b864de09ba00e5d19d50e4f1d58f715b6d847f2fad7c42940d2f22db72582b8537c93d572542ab8f8611437981aa
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAe1ftxmbfYQJZKhSW:7I99DEWVtQAeZmn0k

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2292	1824	rundll32.exe	28
PID 1824 wrote to memory of 2292	1824	rundll32.exe	28
PID 1824 wrote to memory of 2292	1824	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\680-388-0x00000000031F0000-0x0000000003321000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1824 -s 56
  2⤵
  PID:2292