c7c1e87f74a0a769fed8b305ce43f926bd68e02e80f40976698366baa045b0cf

Analysis

max time kernel
142s
max time network
135s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 06:58 UTC

Target

bin/avutil-58.dll
Size

1.0MB
MD5

73955237a4c280afbd671ce1f79cd983
SHA1

afcd8f89ae598cfe8becea6adbb5ac203ce31dee
SHA256

0925c55555632c38c84393fddea2e2267af81fe49e0a404fa7242ec992dac7a5
SHA512

075978e9f76408d518e1f617c8fc3c522c4d47f015a0470d8f29d1e38a4b3e3d480bf0996f658c2c7e0555e7675664d2766186076e0f4479db4d6b50a7b9a826
SSDEEP

24576:5HsvVoHNByvxOrEUHxru3JrmfxecG58z8jB8:5HsdoHjyvxOrEUH03JSpz8jB8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2072	2068	rundll32.exe	28
PID 2068 wrote to memory of 2072	2068	rundll32.exe	28
PID 2068 wrote to memory of 2072	2068	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\avutil-58.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2068 -s 140
  2⤵
  PID:2072

memory/2068-0-0x000007FEF6570000-0x000007FEF678F000-memory.dmp

Filesize
2.1MB

Download
memory/2068-3-0x000007FEF87A0000-0x000007FEF87B6000-memory.dmp

Filesize
88KB

Download
memory/2068-2-0x000007FEFAF00000-0x000007FEFAF22000-memory.dmp

Filesize
136KB

Download
memory/2068-1-0x000007FEFBC40000-0x000007FEFBC60000-memory.dmp

Filesize
128KB

Download
memory/2068-4-0x000007FEF67B0000-0x000007FEF69A3000-memory.dmp

Filesize
1.9MB

Download