5ccc7b9dceb05dc47aaba7e834bd531a7e6aecc0ada6d45730641a46ba8248ba

Analysis

max time kernel
14s
max time network
29s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 10:50

Target

4388-416-0x0000000003460000-0x0000000003591000-memory.dll
Size

1.2MB
MD5

64bda9813aaf3a6e78acb5c1a86d1f64
SHA1

92f794c41a5f79855ed4b480e20d44673a324c88
SHA256

5ccc7b9dceb05dc47aaba7e834bd531a7e6aecc0ada6d45730641a46ba8248ba
SHA512

3219cedba030d4bd2283b9e6a950f04f234c74740b9ad6f8165be9eef1ce9b02229941b041057eab8f9bfe4574fdcbf4905e45fb5d916898d9768abc8d2f6305
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAB1ftxmbfYQJZKz9Zl:7I99DEWVtQABZmn0zD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 3012	1872	rundll32.exe	28
PID 1872 wrote to memory of 3012	1872	rundll32.exe	28
PID 1872 wrote to memory of 3012	1872	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4388-416-0x0000000003460000-0x0000000003591000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1872 -s 56
  2⤵
  PID:3012