4752ac8fc224dfab5b2611fcdd1adb2c3223165dcb5c7e54c30428733981eb67

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 17:56

Target

4752ac8fc224dfab5b2611fcdd1adb2c3223165dcb5c7e54c30428733981eb67.dll
Size

1.2MB
MD5

771f75ddb5d7e1e44e44e81261746627
SHA1

7346aa3308a63e95efb53d2ca1893dad5a753af0
SHA256

4752ac8fc224dfab5b2611fcdd1adb2c3223165dcb5c7e54c30428733981eb67
SHA512

2b0a6c732ec4627067d139f8986143b0cd00d5df92dffb2be00ed7f1ad7585dced72f1761d14cbd64dc42f18966f5b5c29f3fe508b564c0f8852c441f7f19a14
SSDEEP

24576:SxOU/7+LUu4af1WAiwdwjUWHWQuONnh7AC2Dq+FRPa8DacrDSO:YKVvxa4s0HBaciO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 912	824	rundll32.exe	16
PID 824 wrote to memory of 912	824	rundll32.exe	16
PID 824 wrote to memory of 912	824	rundll32.exe	16

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 824 -s 80
1⤵
PID:912

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4752ac8fc224dfab5b2611fcdd1adb2c3223165dcb5c7e54c30428733981eb67.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:824