44d104213b4a268f066ea5fce67e621f72aae996ee6300b7d6dc2058d2f4b48f

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
06/11/2023, 11:40

Target

67768c179d68d1e5639008ea802b4109cde89d1418c7eaca4e5bc7dfc8713efd.dll
Size

1.2MB
MD5

254da1441e42a7aef2bae4fe194df266
SHA1

05b6b7711969e495c8778b124e56ae800d078990
SHA256

67768c179d68d1e5639008ea802b4109cde89d1418c7eaca4e5bc7dfc8713efd
SHA512

f632a5ff11414806ff7aa92544b98982fc22eeda087bb7593850cf5cd6eba1353048e792094f2cdafb74c66bb756337be9d846e60fbf873cb6bb71746296979f
SSDEEP

24576:Offra4gKTihdT0HEi7M56wH3bL71O0a8Qz6bs/T75BV6ekyXBTpBqK9PaPi:mqxNi7MIwXbhyXwQH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2804	2600	rundll32.exe	28
PID 2600 wrote to memory of 2804	2600	rundll32.exe	28
PID 2600 wrote to memory of 2804	2600	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67768c179d68d1e5639008ea802b4109cde89d1418c7eaca4e5bc7dfc8713efd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2600 -s 84
  2⤵
  PID:2804