38d2fa14660f8e27dbfe84af15da0fbb0239e335f54c80d6c85e14167098f38b

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
15-11-2023 12:02

Target

38d2fa14660f8e27dbfe84af15da0fbb0239e335f54c80d6c85e14167098f38b.dll
Size

121KB
MD5

d19d2e4156643803b37fae7de5802318
SHA1

0d1cfc559be92d6530fa1b8b35b60857caa5a7f5
SHA256

38d2fa14660f8e27dbfe84af15da0fbb0239e335f54c80d6c85e14167098f38b
SHA512

ca13bef6ae639c7d5c2dc780fa1aaacc6ce31e50ded100563b481c3ae224df51eb97d376c3ac4d422cb25e1bde56decb36682b86cde217ef8b16ecd2fac6e991
SSDEEP

1536:efbTTV7jIHgFWnpyyN8yNuVwMQlv3Rwfek:efvTFwgcn9N86l53Uek

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 2788	1280	rundll32.exe	28
PID 1280 wrote to memory of 2788	1280	rundll32.exe	28
PID 1280 wrote to memory of 2788	1280	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38d2fa14660f8e27dbfe84af15da0fbb0239e335f54c80d6c85e14167098f38b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1280 -s 108
  2⤵
  PID:2788