7c691f7e9306ac1bb875eec05be2a09c1019e61c2af96d16d5064f9ffcc6ff4c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 11:20

Target

2924-2-0x0000000028CD0000-0x0000000028D1F000-memory.dll
Size

316KB
MD5

27758a2c2eeba22f1c880972e2625473
SHA1

cd652b64933056c962748762cda9f7336fdf6c81
SHA256

7c691f7e9306ac1bb875eec05be2a09c1019e61c2af96d16d5064f9ffcc6ff4c
SHA512

e2e332e182a348c63c50c1ac5def5266d970d53db42b0b641ad1491fa219b2c1ad0c5e37407bbfcadaa769422d3024c4e46b6a5e3f09d2be5e8812d3aebd0371
SSDEEP

6144:uJqXG5d1Ip8yibgkTZI6jHID90a0jPdsH/:u9d6devoxkjPdq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2792 wrote to memory of 1692	2792	rundll32.exe	WerFault.exe
PID 2792 wrote to memory of 1692	2792	rundll32.exe	WerFault.exe
PID 2792 wrote to memory of 1692	2792	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2924-2-0x0000000028CD0000-0x0000000028D1F000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2792 -s 52
2⤵
PID:1692