76bb92e38f04a66cf4757740b86bd71d3e2dbb3dcc0eb453d18e87039e84115c

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 02:04

Target

1436-91-0x0000000003350000-0x0000000003481000-memory.dll
Size

1.2MB
MD5

cab5c15daa240a9043488303a5b90695
SHA1

db39a51c86b42d1ebe46c952bdca31de8c63741f
SHA256

76bb92e38f04a66cf4757740b86bd71d3e2dbb3dcc0eb453d18e87039e84115c
SHA512

b87006365f17cc968678d730a5c2be37641972e65c3518dbb48b895acb9ff2dbabc3de811a50f6888caa03ab5980b42c13c2b8bbb1fa6e0c9c44b69839c52df3
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAI1ftxmbfYQJZKAAn:7I99DEWVtQAIZmn0l

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2612	2816	rundll32.exe	27
PID 2816 wrote to memory of 2612	2816	rundll32.exe	27
PID 2816 wrote to memory of 2612	2816	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1436-91-0x0000000003350000-0x0000000003481000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2816 -s 56
  2⤵
  PID:2612