c47a1cc18718a89167453fa2aa6ae36c167e2706d0ddf538124afa2ff3ee94e0

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 14:20

Target

c47a1cc18718a89167453fa2aa6ae36c167e2706d0ddf538124afa2ff3ee94e0.dll
Size

1.2MB
MD5

42865cfd79ba0b4be84a66f9fd2a4bd1
SHA1

793abd01c0d7e7c7271488523f405f2103241d49
SHA256

c47a1cc18718a89167453fa2aa6ae36c167e2706d0ddf538124afa2ff3ee94e0
SHA512

c747f8ef1551b22d439f341433fb69803e4a74b60bc5c9ad6a48a3edd2e4ab6ec8109623435107993e753aefb9029f4798f68f3c72c10c1b2920b1e6ed7945cd
SSDEEP

24576:Lp2qJU4iIuB2cMh1Mgc17V/sCaGhRwQasBxUy0G4ITvVtQOZz0r/aahQIStkq:JmyD8R8QqKbQ8AmvKq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2980	2948	rundll32.exe	28
PID 2948 wrote to memory of 2980	2948	rundll32.exe	28
PID 2948 wrote to memory of 2980	2948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c47a1cc18718a89167453fa2aa6ae36c167e2706d0ddf538124afa2ff3ee94e0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2948 -s 80
  2⤵
  PID:2980