5d6ba62520f66e70ee281b44342d4271eb98a9b9a5c50e61c28d84c86eb21958

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-04-2024 13:51

Target

Snake2Virus/VCRUNTIME140_1.dll
Size

35KB
MD5

ab03551e4ef279abed2d8c4b25f35bb8
SHA1

09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e
SHA256

f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44
SHA512

0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909
SSDEEP

384:diWe6RE3c6lqst5nZvS05fJjPXR51RWmbzw+XfeDky85xHrwB2BWrYKW4dHRN7qp:at3csN7xPXdRdP/ve6HrEUSKZz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 1676	1648	rundll32.exe	28
PID 1648 wrote to memory of 1676	1648	rundll32.exe	28
PID 1648 wrote to memory of 1676	1648	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Snake2Virus\VCRUNTIME140_1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1648 -s 80
  2⤵
  PID:1676