3e1eac40a0b0c18a1af01973797057a64ab57d403dc0769d165a5973fefd93a7

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 13:51

Target

1904-0-0x0000000001D30000-0x0000000001D82000-memory.dll
Size

328KB
MD5

55cd9df0a8c2e61ce04cc6141c0a9f58
SHA1

0ab4fd0593e10710d74cfdba0b0180988a687c33
SHA256

3e1eac40a0b0c18a1af01973797057a64ab57d403dc0769d165a5973fefd93a7
SHA512

c0452150d128c14fe882e9b5dbc8d700c63b4b24d81dac1463e56aa9fb1d3a9658b956d7f7f41af7316ea8274c308d0b4cf9bd8653e4fa91d6af9b1a71474195
SSDEEP

3072:/zbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnLY0E65SYJl6vzHk:/zbUWootfDCvT4ZTXzCLY0FSz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2208 wrote to memory of 1752	2208	rundll32.exe	WerFault.exe
PID 2208 wrote to memory of 1752	2208	rundll32.exe	WerFault.exe
PID 2208 wrote to memory of 1752	2208	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1904-0-0x0000000001D30000-0x0000000001D82000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2208 -s 52
2⤵
PID:1752