d1b2b3f02ec42a83a9d3226eef0be7c780fc556429d8344c680ba61ef98ead96

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 11:05

Target

vcruntime140.dll
Size

116KB
MD5

699dd61122d91e80abdfcc396ce0ec10
SHA1

7b23a6562e78e1d4be2a16fc7044bdcea724855e
SHA256

f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1
SHA512

2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff
SSDEEP

1536:KqvQFDdwFBHKaPX8YKpWgeQqbekRG7MP4ddbsecbWcmpCGa3QFzFtjXzp:KqvQFDUXqWn7CkRG7YecbWb9a3kDX9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2128 wrote to memory of 2960	2128	rundll32.exe	WerFault.exe
PID 2128 wrote to memory of 2960	2128	rundll32.exe	WerFault.exe
PID 2128 wrote to memory of 2960	2128	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vcruntime140.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2128 -s 80
  2⤵
  PID:2960