ef1682ec2944453478d2124f1278037b537b49ec6db52361b6c2ba8bdbf8cbe4

Analysis

max time kernel
120s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 00:41

Target

1804-291-0x0000000003500000-0x0000000003631000-memory.dll
Size

1.2MB
MD5

28e38cb2caca055f7e5f5e5ed6935225
SHA1

269bb3eb0a895789e324fe0f267964b9e575ab79
SHA256

ef1682ec2944453478d2124f1278037b537b49ec6db52361b6c2ba8bdbf8cbe4
SHA512

3315314ed27f126d0ffddf729e63e853b715b407e878e4f0a900d14b81eafe37d82b7e78cfe8ba55703e52c835bf18fa210211569c9f7b5290dff24994a7691f
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAv1ftxmbfYQJZKub8:7I99DEWVtQAvZmn0c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2276	1252	rundll32.exe	30
PID 1252 wrote to memory of 2276	1252	rundll32.exe	30
PID 1252 wrote to memory of 2276	1252	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1804-291-0x0000000003500000-0x0000000003631000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1252 -s 56
  2⤵
  PID:2276