5024dea6426d4c243734c12c159ac6930ddf9e7bf5f2f32c27742ea78bc8f100

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 09:52

Target

5024dea6426d4c243734c12c159ac6930ddf9e7bf5f2f32c27742ea78bc8f100.dll
Size

956KB
MD5

2e8f63ea036c648adc4ff41bacf1e8bf
SHA1

2616e9a195b4355f71c2193bfac4c9f81e843ab1
SHA256

5024dea6426d4c243734c12c159ac6930ddf9e7bf5f2f32c27742ea78bc8f100
SHA512

d892787610215614c04d182542c3e96b8124a2b6fc44370bdc3456b2abc13d7adaeea47f8689159ca4b5303372c715df2995f7279278ebdc49d929516caae9a4
SSDEEP

24576:ZJS57CAhXiTQ6B5ZGZow6Ips4AD4DxYFD:nSFLX658Zo6ps4jNYFD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2320	2128	rundll32.exe	28
PID 2128 wrote to memory of 2320	2128	rundll32.exe	28
PID 2128 wrote to memory of 2320	2128	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5024dea6426d4c243734c12c159ac6930ddf9e7bf5f2f32c27742ea78bc8f100.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2128 -s 124
  2⤵
  PID:2320