3348bd0dc009c3aa0ad98a2f243a49523366d47821b7a3519b57c114157bf425

Resubmissions

max time kernel
0s
max time network
0s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 19:17

Target

3348bd0dc009c3aa0ad98a2f243a49523366d47821b7a3519b57c114157bf425.dll
Size

1.2MB
MD5

27c2fbfd27b83838ac513476cf3f7bd0
SHA1

bacefe25c1a4c731ff80e13b50faa65075eb72ce
SHA256

3348bd0dc009c3aa0ad98a2f243a49523366d47821b7a3519b57c114157bf425
SHA512

5a3189c26b2d6c6c40050e221eb5086b3b4c39627a40fcc9ce6c2e2a25101c27ef3d7ef39729206e21a692807d04161fbcea2b7ea8d87c1c0e94dd1753b3baac
SSDEEP

24576:EUjN0L8a+sRTpkyO/VqQEOBTMguDgY6IKls36s5:EUjN0LOkkB/VqQEWTNYgrIKIj5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3348bd0dc009c3aa0ad98a2f243a49523366d47821b7a3519b57c114157bf425.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3040 -s 152
  2⤵
  PID:2140

memory/3040-0-0x0000000180000000-0x000000018012A000-memory.dmp

Filesize
1.2MB

Download