5a3b023cd284e982099d08203975271043c6f3b41d213afe8c953ea94609ad2a

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 09:51

Target

2020-91-0x00000000030C0000-0x00000000031F1000-memory.dll
Size

1.2MB
MD5

95ba7abeeb6058783d3118bf55a17587
SHA1

bc16c411c417a039dbc8dbfa38af1ef38a258e6e
SHA256

5a3b023cd284e982099d08203975271043c6f3b41d213afe8c953ea94609ad2a
SHA512

ebcf40f8f239071bbb1101555c888da652f2c1e3317c2041003a3b18a5b870c99bdbc17126fd9bdf2f6c0d8c889dac1902f95d706c5bbd08d9afc6782c94d655
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAb1ftxmbfYQJZKkm3r:7I99DEWVtQAbZmn0t

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2324	1508	rundll32.exe	28
PID 1508 wrote to memory of 2324	1508	rundll32.exe	28
PID 1508 wrote to memory of 2324	1508	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-91-0x00000000030C0000-0x00000000031F1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1508 -s 56
  2⤵
  PID:2324