d1c9d3a47d13352208322fdbefc6d1613122711091c6815e7f5caacd69f303a5

Analysis

max time kernel
47s
max time network
31s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 21:56

Target

d1c9d3a47d13352208322fdbefc6d1613122711091c6815e7f5caacd69f303a5.dll
Size

1.2MB
MD5

d3e3fb589a78d6c4b504bc7a248cfe78
SHA1

cf411668cd733bca95519f880ef8aafd1dce0c30
SHA256

d1c9d3a47d13352208322fdbefc6d1613122711091c6815e7f5caacd69f303a5
SHA512

78ec20b13c1339e6ba2dda3e7e9c6e10fc0266dd1935f86dbed7e8daefbe6840c96e166f16588eca131ae56439c7df49ca3aaf420fdb056df5833b92e47b24d0
SSDEEP

24576:zzO33ic+tWTgB3EMMhhe+TJ3YD7sgpfzKTKqJNHjqvHGPujdclCg8PWNrqyW+5:mvSaIuoEKqJ5qBjdfZS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 2724	2832	rundll32.exe	29
PID 2832 wrote to memory of 2724	2832	rundll32.exe	29
PID 2832 wrote to memory of 2724	2832	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1c9d3a47d13352208322fdbefc6d1613122711091c6815e7f5caacd69f303a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2832 -s 84
  2⤵
  PID:2724