9c980fa9bc63881574c338a676adc6f284784d7216e566de5c6bc93fb06150bb

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 19:47

Target

e0b81f33cf40edccacbcf5afa37341a2c7efc4f7e0166b71c5db3a6a4242e55b.dll
Size

1.2MB
MD5

9bfc104f0f53616b1e4046b1724fc226
SHA1

3b380172a362aad313c088fadbbe680cc7cc9d3e
SHA256

e0b81f33cf40edccacbcf5afa37341a2c7efc4f7e0166b71c5db3a6a4242e55b
SHA512

92ad1fe4480651c928c02b5dc37ce9a630bc438532a5bc20cef6387e7b17f555199307c9138ced02c5df22541437734f854f1536853634412907fb72a9bc08f0
SSDEEP

24576:ln+5EYhtdpUjD+2c7nwn5tI3194JLGPpxR4kY7CefCv9F2STtIekpbx:SV0Fe3WMd4ks1ezTtpsx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2240	2488	rundll32.exe	28
PID 2488 wrote to memory of 2240	2488	rundll32.exe	28
PID 2488 wrote to memory of 2240	2488	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e0b81f33cf40edccacbcf5afa37341a2c7efc4f7e0166b71c5db3a6a4242e55b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2488 -s 84
  2⤵
  PID:2240