75bbc7ae3686368e8450f47ff189614eb6c389bd71300a692ee51e50a47cdf7c

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 07:31

Target

75bbc7ae3686368e8450f47ff189614eb6c389bd71300a692ee51e50a47cdf7c.dll
Size

680KB
MD5

6b394511f026799b6222f8e63ced240f
SHA1

26211fab7b1a15e0ffacef4deb8507dd4bb60bd5
SHA256

75bbc7ae3686368e8450f47ff189614eb6c389bd71300a692ee51e50a47cdf7c
SHA512

25ddb703506316915b83c4eaac32ec0f094c3294ed90a9148ef269db43f65370c652cc2fd7af970f610e8110d5a757c971ff00a50b8e7ee4e15fe8f3f50681d4
SSDEEP

12288:fn8TNjlLm1M2oFC5X1SrP6FDHOZnNbndqmtJMucZ4juAYBQBWL:Cm1MbF2WY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2604	1940	rundll32.exe	28
PID 1940 wrote to memory of 2604	1940	rundll32.exe	28
PID 1940 wrote to memory of 2604	1940	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75bbc7ae3686368e8450f47ff189614eb6c389bd71300a692ee51e50a47cdf7c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1940 -s 168
  2⤵
  PID:2604