ebeb3c9826960d491bf1218c8622a1533a74fd222ff4351aca7122bf8c6c9fac

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 08:23

Target

1100-664-0x0000000003600000-0x0000000003731000-memory.dll
Size

1.2MB
MD5

af408891c3d1cd32f4499e7cf37cabbf
SHA1

46e56730d1f6e2197103ba76dc8bd1c55695ee55
SHA256

ebeb3c9826960d491bf1218c8622a1533a74fd222ff4351aca7122bf8c6c9fac
SHA512

d16d65f66a8ec81fbe51be5947604c6ffdd039ae544888df9c30a552f6f38d50994e580361f743608bfdd1b190824acc6a514f67336b9f12f0ed299815cd9d35
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA/1ftxmbfYQJZKYr0:7I99DEWVtQA/Zmn0W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2036	1916	rundll32.exe	28
PID 1916 wrote to memory of 2036	1916	rundll32.exe	28
PID 1916 wrote to memory of 2036	1916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1100-664-0x0000000003600000-0x0000000003731000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1916 -s 56
  2⤵
  PID:2036