f1e1a60305360186b0bb73dd4c4008092b09c37525c507f92fe4945c8db0625a

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 04:41

Target

f1e1a60305360186b0bb73dd4c4008092b09c37525c507f92fe4945c8db0625a.dll
Size

31KB
MD5

0f0ba68edf0fda554030eb814a46ee7d
SHA1

0a9d8994fde34b11a5d291f6bbdfadc02f575821
SHA256

f1e1a60305360186b0bb73dd4c4008092b09c37525c507f92fe4945c8db0625a
SHA512

f1503c13d09ba1a01af87c5665f81c5615b9a415132240b68ad9c2b8564d049b50618fa34f9c19390583c85d5010418419236b005f0fff8c508838c23b26c8c4
SSDEEP

384:19agaUZWixEWIxi0pSt+e/QcYR9z60m4w5QRtHRN7WcYR9z6/8X:19taimxi0Q5Qn9z18QRtWn9zv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 1736	3024	rundll32.exe	28
PID 3024 wrote to memory of 1736	3024	rundll32.exe	28
PID 3024 wrote to memory of 1736	3024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1e1a60305360186b0bb73dd4c4008092b09c37525c507f92fe4945c8db0625a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3024 -s 80
  2⤵
  PID:1736