6fce34c876af80e99b17a5a6fcf55e459ebbd6df3590825ed7391f2e224a4c28

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 17:42

Target

6fce34c876af80e99b17a5a6fcf55e459ebbd6df3590825ed7391f2e224a4c28.dll
Size

1.2MB
MD5

5ac4348abe519ce6ec8ea9f90d56ad2a
SHA1

2abc441df7131ef3aa5f79caa0c0c059a06b26d2
SHA256

6fce34c876af80e99b17a5a6fcf55e459ebbd6df3590825ed7391f2e224a4c28
SHA512

320e2e4b95c4c164277e1c3451db0cdfc68724e3b28d30305bab00eb8b13365065710be08f1bd36fc0efe41c29c7ec30092e92dca196ed6ae772363db561f888
SSDEEP

24576:jrZcCgifLC5yVOlFG1/V4WDfa+xtvzRCpZ9Vw7niWOGJ:eS52+NGM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28
PID 2328 wrote to memory of 2132	2328	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6fce34c876af80e99b17a5a6fcf55e459ebbd6df3590825ed7391f2e224a4c28.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2328 -s 84
  2⤵
  PID:2132