04b58420db8c4e59ab6405012f6831b24d321fd74651ff25cf08f62376769528

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 06:54

Target

2944-1249-0x0000000002790000-0x00000000028C1000-memory.dll
Size

1.2MB
MD5

814631d478a8e9c23c722fb88b64dd54
SHA1

46a5fbf9ed8fd1c22ffdf0a4f61d76ed16b9a3cd
SHA256

04b58420db8c4e59ab6405012f6831b24d321fd74651ff25cf08f62376769528
SHA512

e2549801639692d94357f5bf2c910552ec51f1df1db4e17d2de1d9fdeb0da0ac7a0f55dff35c53459ebf4f4a1241c37e0e9bfd0e02382d63a04f875a21518bc9
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA51ftxmbfYQJZKf/8:7I99DEWVtQA5Zmn0X

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2492	3068	rundll32.exe	28
PID 3068 wrote to memory of 2492	3068	rundll32.exe	28
PID 3068 wrote to memory of 2492	3068	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2944-1249-0x0000000002790000-0x00000000028C1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3068 -s 56
  2⤵
  PID:2492