c72290d0795e9d6636d1e228fa88534963d0af3125ee59a412834e37d07c331e

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 02:35

Target

c72290d0795e9d6636d1e228fa88534963d0af3125ee59a412834e37d07c331e.dll
Size

483KB
MD5

d3a942c718c4da45ba4569cb459151a3
SHA1

399fdd7e9037088d4faf3b4bfb37eb41ab3af79b
SHA256

c72290d0795e9d6636d1e228fa88534963d0af3125ee59a412834e37d07c331e
SHA512

b1ded359698855f8f353e7e640b3a026afa0e4b037c923f2b1589be1f7ec3dc9cda577f69c3ad36ca6b684c1b683fe18869c17b2ac413f42e1cb25553fe7ff97
SSDEEP

6144:XTv0fq4dz9B4x4w/jvtGW9ZST3BypG48yOnb4pgsHVlAYnWeZRO8kL:XTN4dNw/jvtGW9c3BypaagYnnROZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 276	3016	rundll32.exe	28
PID 3016 wrote to memory of 276	3016	rundll32.exe	28
PID 3016 wrote to memory of 276	3016	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c72290d0795e9d6636d1e228fa88534963d0af3125ee59a412834e37d07c331e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3016 -s 80
  2⤵
  PID:276