1f13fd90387c2d04c7362b04b3b21b0ff101dc2753b33aa1fc9f9b59ec669090

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 19:39

Target

1f13fd90387c2d04c7362b04b3b21b0ff101dc2753b33aa1fc9f9b59ec669090.dll
Size

132KB
MD5

9ae3cb9ec164e962ad8615ba005fdfcd
SHA1

1e3e0a011ff7f2173da77ad32338223ddf2e1670
SHA256

1f13fd90387c2d04c7362b04b3b21b0ff101dc2753b33aa1fc9f9b59ec669090
SHA512

94cfe5545c1f3aae5b56ae89b8a0042c7dd2e271edf9bdcfef10a97c42ccaf10b6263d82048117aa4a3f34e7234d50bcc57740b6e613e178c8a42d0c082e1a17
SSDEEP

1536:8FBLUo8M/QPYC0B99gbNhugMS5i1bUiIfD027X24Z5Jev04sWusd09dlYcbcIq6b:wGo8MYmB99SrtM0ieiG0273M8mMu0cI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2044	2292	rundll32.exe	28
PID 2292 wrote to memory of 2044	2292	rundll32.exe	28
PID 2292 wrote to memory of 2044	2292	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f13fd90387c2d04c7362b04b3b21b0ff101dc2753b33aa1fc9f9b59ec669090.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2292 -s 72
  2⤵
  PID:2044