90b0a4c9fe8fd0084a5d50ed781c7c8908f6ade44e5654acffea922e281c6b33

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 12:40

Target

90b0a4c9fe8fd0084a5d50ed781c7c8908f6ade44e5654acffea922e281c6b33.dll
Size

99KB
MD5

fe97c113301e79932b65ce87439d464b
SHA1

2f9e1236be80dc727d1f3734c9cd81dd7faef7c1
SHA256

90b0a4c9fe8fd0084a5d50ed781c7c8908f6ade44e5654acffea922e281c6b33
SHA512

8f3e545ae4896951329f49d478d86314850a47ac8560705a8372626b7d908c62b589104f0d87720ca32c9eec8b54603c3d7901e7fd1ded5743ce8bad02994d1a
SSDEEP

3072:IGhjus7+i9nRbA5KUHuGbC6PWzaX+7vDwUYhUjF:IoDCwnRM/h

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2808	2480	rundll32.exe	28
PID 2480 wrote to memory of 2808	2480	rundll32.exe	28
PID 2480 wrote to memory of 2808	2480	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90b0a4c9fe8fd0084a5d50ed781c7c8908f6ade44e5654acffea922e281c6b33.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2480 -s 84
  2⤵
  PID:2808