e41ad463d4aabd0c5b9d977341fd9db9bbf92868677d644801b24d2d3be1800b

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 17:53

Target

2104-54-0x000000006D7C0000-0x000000006D819000-memory.dll
Size

356KB
MD5

32ebc1a5a8dfecfc8323ecc0925f3870
SHA1

2b5da302e01ae4669d9ed0405089fe23f599b797
SHA256

e41ad463d4aabd0c5b9d977341fd9db9bbf92868677d644801b24d2d3be1800b
SHA512

cd1937344a30846fa0d9b201e0e0d5c56a062161af31fb0418344e1ab66d18ed2ad8635cce6f81456b8077ab01e2de7c2d2e77b91776023159a2fa53a440a6de
SSDEEP

3072:5CQ6ZN8FG/rNlYsfqJCIPCB5OlbbOcDYa0AL5GQ1FcIEHkyPEbI0gab96BJLbb7x:4QsNrcNCALiC7bgJXb7iJj8qhp/BTKL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2016 wrote to memory of 2744	2016	rundll32.exe	WerFault.exe
PID 2016 wrote to memory of 2744	2016	rundll32.exe	WerFault.exe
PID 2016 wrote to memory of 2744	2016	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2104-54-0x000000006D7C0000-0x000000006D819000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2016 -s 52
2⤵
PID:2744