e42808afb72390898e35ffcc5566140e7d4a0362a07b323d4df014e4107228b3

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 11:29

Target

2464-81-0x00000000031E0000-0x0000000003311000-memory.dll
Size

1.2MB
MD5

5066240f7cc324b98f81b293bef64a51
SHA1

ccbe5f0069f30c97f746b6ef520c3e74b6372197
SHA256

e42808afb72390898e35ffcc5566140e7d4a0362a07b323d4df014e4107228b3
SHA512

b7c5e93c34dd562ce72c7ec56a2e590cd6e3149d16d59874adb09e887cfb565ce3fe8ef0eb07ba2ebb33514f0019d6f9e5eacde02eb1a95a83fde489491de9d2
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAZ1ftxmbfYQJZKJBb:7I99DEWVtQAZZmn0H

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 1796	1988	rundll32.exe	27
PID 1988 wrote to memory of 1796	1988	rundll32.exe	27
PID 1988 wrote to memory of 1796	1988	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2464-81-0x00000000031E0000-0x0000000003311000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1988 -s 56
  2⤵
  PID:1796