e71160f4440ad68cc47f158d206d83bf413a1063ba266a74660ee743274e2551

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 11:41

Target

592-866-0x00000000035B0000-0x00000000036E1000-memory.dll
Size

1.2MB
MD5

a85a56b3d534facd9e3319bfd39b8fa6
SHA1

6e11e576ddd7f101fc7ef6d84383a0b2dd4ec10a
SHA256

e71160f4440ad68cc47f158d206d83bf413a1063ba266a74660ee743274e2551
SHA512

a461d07ad5a17f7e84b3d6d7e95a8e39bd603ce95ecefd6437173423918d3b4acd5cf2c93301f6fc0fa4e2924c636c31cec3f7487144e8ff8697d7c7223b41a5
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAq1ftxmbfYQJZKNmk:7I99DEWVtQAqZmn0E

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 2848	1520	rundll32.exe	27
PID 1520 wrote to memory of 2848	1520	rundll32.exe	27
PID 1520 wrote to memory of 2848	1520	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\592-866-0x00000000035B0000-0x00000000036E1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1520 -s 56
  2⤵
  PID:2848