d3aea848ff534ac06a66ca89e8728ba8c6f2fe0757fefb9d853a32976a56e97b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06-10-2023 08:49

Target

4b50d89599f7aad5c2e33d4a33992735ac4a159e634a3da887c42b2ca1372ae1.dll
Size

1.2MB
MD5

ca08fe1593c41f18c9b1e2d73616dbb0
SHA1

517476f5b3ff4619a4b0c8a104a1fb0baf9b3213
SHA256

4b50d89599f7aad5c2e33d4a33992735ac4a159e634a3da887c42b2ca1372ae1
SHA512

a816db32c7ae52dd83ca08ed964de8e7b6cabb17fc71537da46a33951c13f51e1dfa271ebb0efda7d1d71f3dbd6884aa9a073fe9de52cbb4df6586c91053e50e
SSDEEP

24576:lwOhCPykWGGrYL1hb4LPRAMXLXuw2tL0IGrkNBxgvx3FWlDD:9TKhL4LP+AMtBoAD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 3036	2112	rundll32.exe	28
PID 2112 wrote to memory of 3036	2112	rundll32.exe	28
PID 2112 wrote to memory of 3036	2112	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b50d89599f7aad5c2e33d4a33992735ac4a159e634a3da887c42b2ca1372ae1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2112 -s 84
  2⤵
  PID:3036