a571c1fdbdf3e7f2716b5e3ce4e504425ed67d7564116fd4921a0b8ff7208181

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-03-2024 22:27

Target

1324-67-0x0000000000120000-0x0000000000129000-memory.dll
Size

36KB
MD5

b93afbaf0bfb03ae3cfb915f7b5be8f0
SHA1

d6a03db1c6608d5077ec2bc6659f580f60fabb57
SHA256

a571c1fdbdf3e7f2716b5e3ce4e504425ed67d7564116fd4921a0b8ff7208181
SHA512

def5bac78c8dc5de2e73b362d11fda34de0beaab64062605df2e5f46a277aca7efb69ded531876fd8e1ced17cb13a843dfba6b813297580c2987e00436bd6f0d
SSDEEP

192:6P+nM5KC/zxayGc3gzq7YjDaqzJCueT+RfbZne9s6PLOWywP0tkYGijY:s5Jxayczq7Yjt9lfle9s6PLfv6kYGi8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2196 wrote to memory of 2264	2196	rundll32.exe	WerFault.exe
PID 2196 wrote to memory of 2264	2196	rundll32.exe	WerFault.exe
PID 2196 wrote to memory of 2264	2196	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1324-67-0x0000000000120000-0x0000000000129000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2196 -s 56
2⤵
PID:2264