b06de5b6be71a0848629b4ae5e55a0f20c044aedb423828c2c5fb3a9bd75367a

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 16:39

Target

b06de5b6be71a0848629b4ae5e55a0f20c044aedb423828c2c5fb3a9bd75367a.dll
Size

1.2MB
MD5

276da73d826a0ae2498bf94bacacb99a
SHA1

c0f46c5ad36c8117a9c84022621f282620c32993
SHA256

b06de5b6be71a0848629b4ae5e55a0f20c044aedb423828c2c5fb3a9bd75367a
SHA512

8787c885acc5ba6567e64dd1ced653392de499490276581af6c628f3fc7c7100ae2ac018562ee139ff837dce9aab49d1662149dcfbc80fc53f372032e4ad8254
SSDEEP

24576:RX2XuxPjBCdsjb/mwzOW2R1c527W6osp2fp7zVrwzeE:jx7BzOWclYplMSE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2532	2928	rundll32.exe	28
PID 2928 wrote to memory of 2532	2928	rundll32.exe	28
PID 2928 wrote to memory of 2532	2928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b06de5b6be71a0848629b4ae5e55a0f20c044aedb423828c2c5fb3a9bd75367a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2928 -s 80
  2⤵
  PID:2532