d1467b8a233e4a37a22e37a99cdd4259fed226b5258005848f34eb78cf3a7ec8

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:04

Target

d1467b8a233e4a37a22e37a99cdd4259fed226b5258005848f34eb78cf3a7ec8.dll
Size

926KB
MD5

a88f74ba9c36325d9b1e39dc3720f201
SHA1

7ef8334bee08d63f3b9520874ecfbcb2dfb5890b
SHA256

d1467b8a233e4a37a22e37a99cdd4259fed226b5258005848f34eb78cf3a7ec8
SHA512

04b5f8fd63a172a8b22635264a5b650ecabb1c10fe9e6fed9ec6c698b37be3e02f35ecb71a50fdc388a0d9bdf3f305ad81e0ea0c9aed5504a55c9fd444021ecd
SSDEEP

12288:EE1Kv/t2DRnon+Aph0lhSMXlihcPU0FdYfar+/DJtr+03UqJ:EUKvV51h0lhSMXlScPU0Fdd+bJtr+Q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2292 wrote to memory of 1144	2292	rundll32.exe	WerFault.exe
PID 2292 wrote to memory of 1144	2292	rundll32.exe	WerFault.exe
PID 2292 wrote to memory of 1144	2292	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1467b8a233e4a37a22e37a99cdd4259fed226b5258005848f34eb78cf3a7ec8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2292 -s 208
2⤵
PID:1144