3c905205100e730d2d65f388a4533f3064e33dc4349188b2727fc9911b3f4078

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 20:57

Target

3c905205100e730d2d65f388a4533f3064e33dc4349188b2727fc9911b3f4078.dll
Size

1.2MB
MD5

fe5dac2a04364a471bdbc8ebde403311
SHA1

1dfaeb9940ca23dffd24a39b7d2b3c3d41e88792
SHA256

3c905205100e730d2d65f388a4533f3064e33dc4349188b2727fc9911b3f4078
SHA512

a2c9559f46fa9d67bd09e54da8cb20fa62cf53c10dac82686a5d23d82fee0288fd92afb39422e0ab0bc6ad36fed890c4085eef81da1d650e9dff350ceb021ed2
SSDEEP

24576:5XK6ZFu5DoLYiLgBoAFvEAvxm4i0uuxhJV8e11t:RS4/AFGel

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2928	1772	rundll32.exe	28
PID 1772 wrote to memory of 2928	1772	rundll32.exe	28
PID 1772 wrote to memory of 2928	1772	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c905205100e730d2d65f388a4533f3064e33dc4349188b2727fc9911b3f4078.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1772 -s 80
  2⤵
  PID:2928