33b1cc24f787e0879be88253b5c445f9d4f9b0d8d678049dbf78fcdb94b65fe7

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
07-11-2023 14:17

Target

Tool_1CD_2016v030_edit_mode/icudt40.dll
Size

13.3MB
MD5

b3249e41a06be6c4cbd0e7a960b4fbf7
SHA1

728b16ebe932007e275017525130dd04d3b39649
SHA256

84ab4b7b3d4872d99b5e5721e9cc7fc301cc38d13a8113e9b5773bbc2f8050a8
SHA512

921b525c6b5dcb73e09e3bf13f8289bcab89fba3ade1e051165899ac863f547773879cbf821a0f9f3cb00e8d73576b924b632e163e1d498cd4bb2285f7a167e8
SSDEEP

196608:NzfDbmL2j9lM+n42j9lY+nfRm2j9lt+n4Av39eTLIO5gzeers7dj1:NzfDbPX1XVXrAv39eTLIO5gPrsRh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2940 wrote to memory of 2104	2940	rundll32.exe	28
PID 2940 wrote to memory of 2104	2940	rundll32.exe	28
PID 2940 wrote to memory of 2104	2940	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Tool_1CD_2016v030_edit_mode\icudt40.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2940 -s 84
  2⤵
  PID:2104