b7a056988bfc790518306cd87af5a7b3fa9a75b68aaed1b4a86ae4cd2bc674f6

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 11:59

Target

b7a056988bfc790518306cd87af5a7b3fa9a75b68aaed1b4a86ae4cd2bc674f6.dll
Size

121KB
MD5

c7d307d036f1129636bed49dcfaa444c
SHA1

632c83fd329fe80e6aac51c17e74de348ef62dc4
SHA256

b7a056988bfc790518306cd87af5a7b3fa9a75b68aaed1b4a86ae4cd2bc674f6
SHA512

0bd429b54bf8e91f738c1b05497449c9d8c3babc84211d473635242ce407f4901f225c5c662ecc7e114cb26ad124fcfdd487eae78228d93bb6e481aac8a39b09
SSDEEP

1536:7bFoFiH24cMPFviOEN85zGhu9Q25SlBToCXnNR:7beFidca0N81pCZToin7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 1816	1676	rundll32.exe	28
PID 1676 wrote to memory of 1816	1676	rundll32.exe	28
PID 1676 wrote to memory of 1816	1676	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7a056988bfc790518306cd87af5a7b3fa9a75b68aaed1b4a86ae4cd2bc674f6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1676 -s 108
  2⤵
  PID:1816