7d037c95a8c36ea8b5b7d9dc1169d6d592912e6fdd82b341bce7a6f3ea946e12

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-04-2024 22:56

Target

7d037c95a8c36ea8b5b7d9dc1169d6d592912e6fdd82b341bce7a6f3ea946e12.dll
Size

254KB
MD5

088a38e23ec7e33bb34de333967ea4d0
SHA1

40eb36cfdbd2bdcdc84b224d1f4666003d8f4ac5
SHA256

7d037c95a8c36ea8b5b7d9dc1169d6d592912e6fdd82b341bce7a6f3ea946e12
SHA512

7b0997eefea28df5d17d324336fe85a50d793fabba1b05878021706442fe3c168a0e0f41ec7bc208891780d09a34b1c068f0923a916055aeb8d846ef0766af8d
SSDEEP

3072:TJwpS2NACV4qAbypuljJGnJYoTjqETdtbsnOfFwXVa/6494YJGaXMLIHnaH:TJwpYVNcn3pTdNe+WXVix4uzH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2208 wrote to memory of 2332	2208	rundll32.exe	WerFault.exe
PID 2208 wrote to memory of 2332	2208	rundll32.exe	WerFault.exe
PID 2208 wrote to memory of 2332	2208	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d037c95a8c36ea8b5b7d9dc1169d6d592912e6fdd82b341bce7a6f3ea946e12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2208 -s 108
2⤵
PID:2332