33f8c7dff55c744c2e20b4be4c5804d3edb012f4691d813e1099c7a0d45f7643

Analysis

max time kernel
117s
max time network
141s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 06:54

Target

292-1240-0x0000000003570000-0x00000000036A1000-memory.dll
Size

1.2MB
MD5

c5e24b772aca96bc72fecb7bbfea1509
SHA1

f4acf0a81b4762b0fc578a64eb361b031dec71cb
SHA256

33f8c7dff55c744c2e20b4be4c5804d3edb012f4691d813e1099c7a0d45f7643
SHA512

e8914a4cf509dedf3e9e6928b1d99b6968dd8b821fe5d90d9acfa30bea3ab07dc574407c71b4d7385977073fdf239deeca29a5db29ee85fe01202db78b931be2
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA21ftxmbfYQJZKCq8:7I99DEWVtQA2Zmn0B

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2332	2324	rundll32.exe	28
PID 2324 wrote to memory of 2332	2324	rundll32.exe	28
PID 2324 wrote to memory of 2332	2324	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\292-1240-0x0000000003570000-0x00000000036A1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2324 -s 56
  2⤵
  PID:2332