1bf3647395cbfae4a71ce3f23050d219fb45edb51033f4d5799e53963a7a0c7d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 09:07

Target

1bf3647395cbfae4a71ce3f23050d219fb45edb51033f4d5799e53963a7a0c7d.dll
Size

256KB
MD5

b8981ad9c13cd93e90ea28204822cd84
SHA1

1e47d0fba3bf7946a695ed571e7103221b1a5a66
SHA256

1bf3647395cbfae4a71ce3f23050d219fb45edb51033f4d5799e53963a7a0c7d
SHA512

ac4bf82fe9ee5ea2722c1191d621d96448e898184043bebdb0165c9d1ade05816175ca48b571c9493051a85ceb7214523b2576e1ac972f77b3247dd703e5b186
SSDEEP

3072:7c0nsHpyvGj346lbkBb/gppj8aJGIhxjT3A8ygbLAZmitdGl39tjYJ1b/S1PcUdB:7c0bPhIpt8ahTw8PHA8itQpjvZuE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2292 wrote to memory of 2760	2292	rundll32.exe	WerFault.exe
PID 2292 wrote to memory of 2760	2292	rundll32.exe	WerFault.exe
PID 2292 wrote to memory of 2760	2292	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bf3647395cbfae4a71ce3f23050d219fb45edb51033f4d5799e53963a7a0c7d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2292 -s 52
2⤵
PID:2760