be85fee66f8ecfbf3bd599b9d27c743b62b6927de6b6a034ffe9cfb2688a9d9d

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 18:30

Target

be85fee66f8ecfbf3bd599b9d27c743b62b6927de6b6a034ffe9cfb2688a9d9d.dll
Size

1.2MB
MD5

588635c5b482b8ad142f2f6947ed92cd
SHA1

97db62f6b3363d6e056a0a2ff1bc7c8adc98d1ff
SHA256

be85fee66f8ecfbf3bd599b9d27c743b62b6927de6b6a034ffe9cfb2688a9d9d
SHA512

5db9c26d8135f960d4204c0f669710987eabed47883613b77dbb8127f66a9e22ed9c667423783a0472b8dcebdc263c6f73de5a0f0cd87b9b6e427284b5d23681
SSDEEP

24576:JQYHDcKDlfwLCeA6XACXS1HMq/fQhvxasfOriL5ChXsTA7IC:pfXKXAhsmJjnhiC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1888 wrote to memory of 2464	1888	rundll32.exe	WerFault.exe
PID 1888 wrote to memory of 2464	1888	rundll32.exe	WerFault.exe
PID 1888 wrote to memory of 2464	1888	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be85fee66f8ecfbf3bd599b9d27c743b62b6927de6b6a034ffe9cfb2688a9d9d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1888

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1888 -s 84
2⤵
PID:2464