63afcfcc8df18aff83be613e34d9adba00acabb4d535e03b924e8df009725866

Analysis

max time kernel
121s
max time network
141s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 01:18

Target

1524-644-0x0000000002750000-0x0000000002881000-memory.dll
Size

1.2MB
MD5

fc296219168a2b8323d8edd075b037f1
SHA1

9607e25ac8bea788d494d55c199bcf6af7a8ab27
SHA256

63afcfcc8df18aff83be613e34d9adba00acabb4d535e03b924e8df009725866
SHA512

04e125273f6a60ec925fc50b0e996f69e6e7d353066709cf3f89cdc8d3d7886e0f436a3c4d5e28895c045248df6243a2815aa650a6d9249f467d7fe937079b5c
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAF1ftxmbfYQJZKFrn:7I99DEWVtQAFZmn0d

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2664	2952	rundll32.exe	29
PID 2952 wrote to memory of 2664	2952	rundll32.exe	29
PID 2952 wrote to memory of 2664	2952	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1524-644-0x0000000002750000-0x0000000002881000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2952 -s 56
  2⤵
  PID:2664