833c890d37f1476bf433bc1b13e3f66e7ea32405469d1162302ed51e67331b21

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 02:38

Target

8908c0.dll
Size

2.2MB
MD5

febb65fc3b6021b4ec253081160b4407
SHA1

f59041cd0619d819fe99cb93eee9ee084e49592e
SHA256

833c890d37f1476bf433bc1b13e3f66e7ea32405469d1162302ed51e67331b21
SHA512

b2875c62e946b6010d70e54b23aaa39fdd68705b8bb78f4110d8d662f324511ec16dffeba64fd5eb7056e1c7a52aeb2e7b272180f3e9ec7c0a1f5f8fad5c5f2f
SSDEEP

24576:2ox0LGhZcyddGmBPgM7ow+nOGXNvAXu9uMedbOLnTeBZS7F:1x0LGhWmcm9gME/NvACA0TevS7F

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 636	3036	rundll32.exe	28
PID 3036 wrote to memory of 636	3036	rundll32.exe	28
PID 3036 wrote to memory of 636	3036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8908c0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3036 -s 312
  2⤵
  PID:636

memory/3036-0-0x0000000001E60000-0x00000000020A3000-memory.dmp

Filesize
2.3MB

Download
memory/3036-1-0x00000000779B0000-0x00000000779B1000-memory.dmp

Filesize
4KB

Download
memory/3036-3-0x0000000001C20000-0x0000000001D60000-memory.dmp

Filesize
1.2MB

Download
memory/3036-2-0x0000000001C20000-0x0000000001D60000-memory.dmp

Filesize
1.2MB

Download
memory/3036-4-0x0000000001E60000-0x00000000020A3000-memory.dmp

Filesize
2.3MB

Download