4a14d3d335ea507daa427f118ab0a563d63c53062ecce1b478b29c75d0b4d90e

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 13:00

Target

5084-1023-0x00000000037A0000-0x00000000038D1000-memory.dll
Size

1.2MB
MD5

0db51ff546b147d84a762dce25c22d9d
SHA1

b2ed9df2ba4c37d65584349165c609aa30ea0475
SHA256

4a14d3d335ea507daa427f118ab0a563d63c53062ecce1b478b29c75d0b4d90e
SHA512

0822757df83ce5b98c60630c063adeb953c74d6abcfe3a90b349aa1309f056b3267f0893d7d8434558209c425da0c52b3ddc1a6c8434b63f527925abd8ad4c7a
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAl1ftxmbfYQJZKuNc:7I99DEWVtQAlZmn0i

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2788	2188	rundll32.exe	28
PID 2188 wrote to memory of 2788	2188	rundll32.exe	28
PID 2188 wrote to memory of 2788	2188	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5084-1023-0x00000000037A0000-0x00000000038D1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2188 -s 56
  2⤵
  PID:2788