151d7008edac758ba7abc7236d3b5a0e4b5170f8b49fb4b1796acfa5118b5030

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 17:45

Target

151d7008edac758ba7abc7236d3b5a0e4b5170f8b49fb4b1796acfa5118b5030exe.dll
Size

649KB
MD5

1f1d07d867e9e2b394f49a44f074a84e
SHA1

3762b4e52ffa86a903fc9c86ef20b53d644a93b0
SHA256

151d7008edac758ba7abc7236d3b5a0e4b5170f8b49fb4b1796acfa5118b5030
SHA512

ce7ac02d953037bc9c20a8250dd38e106bb64973e5ff9ca5516fcae8f286a37c7bd1bcc25ff4fe8d701d20c590222f33372b933b97cdfc341c54d453490ed09e
SSDEEP

6144:zOeEO602QcpwZZUIQfEeVyDf0x7/Ga0sxp4ycY1dA:6RpDPpwZNQM2rG6cci

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2348	2308	rundll32.exe	14
PID 2308 wrote to memory of 2348	2308	rundll32.exe	14
PID 2308 wrote to memory of 2348	2308	rundll32.exe	14

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2308 -s 116
1⤵
PID:2348

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\151d7008edac758ba7abc7236d3b5a0e4b5170f8b49fb4b1796acfa5118b5030exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2308

memory/2308-1-0x000007FEF6A00000-0x000007FEF6ADF000-memory.dmp

Filesize
892KB

Download
memory/2308-0-0x000007FEF6FE0000-0x000007FEF70BF000-memory.dmp

Filesize
892KB

Download