7a66a2181e22549acce5e8a895c72d0acca94fedc94aecb565311f6b2e0f2f64

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 12:50

Target

7a66a2181e22549acce5e8a895c72d0acca94fedc94aecb565311f6b2e0f2f64.dll
Size

7.7MB
MD5

77bbfca8e54a904ad51fa7d190483788
SHA1

1f4de4b757f3a0dccd7884f063d6139695a86482
SHA256

7a66a2181e22549acce5e8a895c72d0acca94fedc94aecb565311f6b2e0f2f64
SHA512

ea7172f7602a8329eaa55a99c9607269b1c662ef53e8633b8cfacd1eb746fb01729a20e20ea0c1875b68c68c931d249861ad02b83b534d7c2e3ba5174ce67b6e
SSDEEP

98304:i/P6JLM8wpzMGQ1YUnNhiJ1Xm9hKYEZMGylwf:iqJQ8wpngYUDEm9hKvaGylw

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 2912	1376	rundll32.exe	1
PID 1376 wrote to memory of 2912	1376	rundll32.exe	1
PID 1376 wrote to memory of 2912	1376	rundll32.exe	1

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1376 -s 176
1⤵
PID:2912

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a66a2181e22549acce5e8a895c72d0acca94fedc94aecb565311f6b2e0f2f64.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1376