f3fda3a5b8bddd75899f05a2310f8f20d2df6db40f7aebd6e25cf9a1e5117b89

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 01:36

Target

2452-242-0x0000000002490000-0x00000000025C1000-memory.dll
Size

1.2MB
MD5

baa161751519f9f66927870068fddeeb
SHA1

c5678c050ea4016c8656d0e6d64fc75e03163755
SHA256

f3fda3a5b8bddd75899f05a2310f8f20d2df6db40f7aebd6e25cf9a1e5117b89
SHA512

42d2ff20c0f4e128564cc99907eba32e2900a1e865d57dd955eba43e66ffac88301bfbc5b4f3b3fb8029781597050a964418c61d1dea7d92467dc00e74b3522b
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAJ1ftxmbfYQJZKcvt:7I99DEWVtQAJZmn06

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2112	2444	rundll32.exe	28
PID 2444 wrote to memory of 2112	2444	rundll32.exe	28
PID 2444 wrote to memory of 2112	2444	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2452-242-0x0000000002490000-0x00000000025C1000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2444 -s 56
  2⤵
  PID:2112