3490a048843c7ef8418928b5de43a558a007286c2b65c815c77828c294aa26db

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
13/11/2023, 10:57

Target

3490a048843c7ef8418928b5de43a558a007286c2b65c815c77828c294aa26db.dll
Size

362KB
MD5

8b70e82261c84b97e25d76bf6f39e20c
SHA1

336fa4e033ef2c235b422a8c299bea46a10a4a4e
SHA256

3490a048843c7ef8418928b5de43a558a007286c2b65c815c77828c294aa26db
SHA512

4bc6b97769552cd4faf7999a7210742a552fcad02cd91d590583072e3778b74c4286d351ef41c898581fa8d263f8612ca442638ddf0fb1fa2f48308f5f9b9faa
SSDEEP

6144:CTuUmLRfPtUYpVkvQQ3rKbmSsPtf2MQAVNvDTjwXgEzy2KEc59jXhAG6:CTuUaDyQQGaSsPtf2Mpj0+/jij

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 3064	3048	rundll32.exe	28
PID 3048 wrote to memory of 3064	3048	rundll32.exe	28
PID 3048 wrote to memory of 3064	3048	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3490a048843c7ef8418928b5de43a558a007286c2b65c815c77828c294aa26db.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3048 -s 84
  2⤵
  PID:3064