1bdaa1556e4287b534d54c5aeda2130c7288da58526c294daaedbb298c2fbd62

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/06/2024, 19:45

Target

1bdaa1556e4287b534d54c5aeda2130c7288da58526c294daaedbb298c2fbd62.dll
Size

12KB
MD5

a93fc50c1a52e85176a29ddb50b6b625
SHA1

f06a02a9150ecdee097e314af23474a32baa5702
SHA256

1bdaa1556e4287b534d54c5aeda2130c7288da58526c294daaedbb298c2fbd62
SHA512

04fec95e2f49a4363747683bf327808f04c6fa201b4b85955779d3480f524eba20838789eea0b807e3daa8bb53aa369ad33a5425a36521ed055d7df4a760b57c
SSDEEP

192:kfg7taUniCkzAkBfPO0+LRl3osm5r1K6TSAvX2TrJAUKyDbJw:kitaUniQmMdl3oj1gK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2948	1888	rundll32.exe	28
PID 1888 wrote to memory of 2948	1888	rundll32.exe	28
PID 1888 wrote to memory of 2948	1888	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bdaa1556e4287b534d54c5aeda2130c7288da58526c294daaedbb298c2fbd62.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1888 -s 80
  2⤵
  PID:2948