d0ba0bcc57bf35cd469ffaf352cf950d04358d1d64e127fb9fd05f21d264598d

Analysis

max time kernel
0s
max time network
1s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 02:53

Target

s1.dll
Size

326KB
MD5

3b402bf2f6c71870316ef98f542de4ab
SHA1

9649fab1fa0ed9a9023296a94044290e8943b07e
SHA256

d0ba0bcc57bf35cd469ffaf352cf950d04358d1d64e127fb9fd05f21d264598d
SHA512

15a0fa3acdefc0c9cd57463c43ba2a25f63c75a75107a4b3b97c852fec320732b8d097f01a181a80e5a83655f7fca9b6faca8a8455029f2acce3d948071afe29
SSDEEP

6144:+Fy2V4hFdhFY4tvNT5MERCd9WU9OVBozuFEynBgULraN:8ynhTYkl5MOiTsBoSFEynmU

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1932	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2712	1932	rundll32.exe	28
PID 1932 wrote to memory of 2712	1932	rundll32.exe	28
PID 1932 wrote to memory of 2712	1932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\s1.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1932 -s 108
  2⤵
  PID:2712

memory/1932-0-0x00000000002A0000-0x00000000002DA000-memory.dmp

Filesize
232KB

Download
memory/1932-2-0x00000000002E0000-0x000000000031F000-memory.dmp

Filesize
252KB

Download
memory/1932-11-0x000007FEFCE44000-0x000007FEFCE45000-memory.dmp

Filesize
4KB

Download
memory/1932-12-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

Filesize
432KB

Download
memory/1932-10-0x00000000002A0000-0x00000000002DA000-memory.dmp

Filesize
232KB

Download