5d8a536bbf1799ee0bc35b04d9ae091a72b9399c1e3491780722f00769704153

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 20:42

Target

4a0ab829d1fdb7cab74abd2d78702710995f4a80463412a66b46461eabbf1746.dll
Size

256KB
MD5

4183a8f3919b310377758f0e5679b1fa
SHA1

589019d71d28f3f13abaccb504dadffc326f8086
SHA256

4a0ab829d1fdb7cab74abd2d78702710995f4a80463412a66b46461eabbf1746
SHA512

29d4842ebf332aa69df9275a87c4dba26ffe7f5264bbdc9d60fd95cdb76c4c4ef46ede9d786a3521e8ae2cc5d434faafa4a2a2df2d0e7f9f1dcd6958c66fe506
SSDEEP

3072:TJwpS2NACV4qAbypuljJGnJYoTjqETdtbsnOfFwXVa/ia494YJGaXMYsHnaH:TJwpYVNcn3pTdNe+WXViiR4u0H

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2180 wrote to memory of 2144	2180	rundll32.exe	WerFault.exe
PID 2180 wrote to memory of 2144	2180	rundll32.exe	WerFault.exe
PID 2180 wrote to memory of 2144	2180	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a0ab829d1fdb7cab74abd2d78702710995f4a80463412a66b46461eabbf1746.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2180 -s 104
2⤵
PID:2144