b1a85f8ce1e7cee06cbe7b340c1c9b1eb73d029d37dc634b271dd820f83d8dd1

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 12:06

Target

b1a85f8ce1e7cee06cbe7b340c1c9b1eb73d029d37dc634b271dd820f83d8dd1.dll
Size

274KB
MD5

93af7a19c48d3ce7dd0d68e5000f7184
SHA1

4dfe0ff75afa1d7ab4b234111524fc669fd8b450
SHA256

b1a85f8ce1e7cee06cbe7b340c1c9b1eb73d029d37dc634b271dd820f83d8dd1
SHA512

51ff44acb1de186c8309ef445d01623021f392acf24d71d47dd79fdc554b524f5dbc5c51ce686836e037c8969ed21df1657a4e6ba36e5a54dd029bba5cdd5c40
SSDEEP

3072:l4S4EHPqLa8mwFxiwkUA3Vj6aRj8+/LTFRVl4hTrsQDppXmoY46MbMaEgDdCn:lL4ZDjiwPAlj6A8+jTFRINSoh7P0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2220	2232	rundll32.exe	28
PID 2232 wrote to memory of 2220	2232	rundll32.exe	28
PID 2232 wrote to memory of 2220	2232	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1a85f8ce1e7cee06cbe7b340c1c9b1eb73d029d37dc634b271dd820f83d8dd1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2232 -s 220
  2⤵
  PID:2220