5e7b8f81ce66cfe606ea6470b596cb9fdeace6a3469ee06d3dfe049e1e2951d8

Resubmissions

10-04-2024 04:28

19-12-2023 11:50

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-12-2023 11:50

Target

5e7b8f81ce66cfe606ea6470b596cb9fdeace6a3469ee06d3dfe049e1e2951d8.dll
Size

1.8MB
MD5

1cf72e954ed000c16e5cc327e91bdde4
SHA1

39acb9bf780d195cb9308f3f7d48d9a2e0ac6979
SHA256

5e7b8f81ce66cfe606ea6470b596cb9fdeace6a3469ee06d3dfe049e1e2951d8
SHA512

e84a447dc86fb67348cba47d48cee59088a6bbcf7086ffa91920727027e40106892769279fba27ea502e29afde48dddf971ef08418cb7a410dbc7eb2e3961fdd
SSDEEP

24576:7znngr4eig/HxkaoDFITvg9iLXYgIcjGNz5139EOapmIpniJ:7z64gxnoRGI9MXFrjGxNEOapmIpn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2860	2052	rundll32.exe	28
PID 2052 wrote to memory of 2860	2052	rundll32.exe	28
PID 2052 wrote to memory of 2860	2052	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e7b8f81ce66cfe606ea6470b596cb9fdeace6a3469ee06d3dfe049e1e2951d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2052 -s 120
  2⤵
  PID:2860