e68c0df322df91bcc0d1b50881238728464a2bc05705925745df44877db2b6c4

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 20:45

Target

1528-43-0x00000000001B0000-0x00000000001C4000-memory.dll
Size

80KB
MD5

6a055a1d9034d81a99be741793b0d885
SHA1

f1c7533d3acac8cc80d3068e614a42f788b1e7e1
SHA256

e68c0df322df91bcc0d1b50881238728464a2bc05705925745df44877db2b6c4
SHA512

5949ca9a5624aa57c99fbc4026fb39bb581f94678db4a96c0169a9a995f228cf1594f7820793a8392d02605934b780847adb3ddd36c473a5054067270356f952
SSDEEP

768:iCIo0O99dyYus8VKEfuNtxv4c/HFGKndcHrqWwf8D5zGPMFf5I:TaO9qYVttv4c/HFGL2f8D57

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1528-43-0x00000000001B0000-0x00000000001C4000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1612 -s 56
  2⤵
  PID:2348