4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 10:50

Target

4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll
Size

188KB
MD5

2410d0d7c20597d9b65f237f9c4ce6c9
SHA1

cd807d416897d84c8aeeccf92096186ffe62cf58
SHA256

4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651
SHA512

54b04d63f76c8ad86d1bb65982b10a4cb41b8a840224f93469cb17ba8e157d7c1794e22a84660911a1e033388e28080b606971b059e30ca51a3d54150426b8f8
SSDEEP

3072:6WLoO17293SCUOPsjdZpn5O7w4vPmGpEuslwL/QodYhythqRUc:1LoO1KTUOPsjdjM043mGmu9jXaRU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2180 wrote to memory of 2488	2180	rundll32.exe	WerFault.exe
PID 2180 wrote to memory of 2488	2180	rundll32.exe	WerFault.exe
PID 2180 wrote to memory of 2488	2180	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2180 -s 84
  2⤵
  PID:2488