50218cd76716ccb1250f1a491cf26c883fdd18cd78b68c385649d3bbcf8c5cb9

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 03:31

Target

lib/freetype.dll
Size

672KB
MD5

6ae30af213a471e450c566e8377eacd2
SHA1

cbae27cbd3323b93e57bc8b6844ef8d2cbb67080
SHA256

cabb749f16cf301ae2d33876fe14c7df219c574e4d3628c5ce0dcf2bc83a965d
SHA512

810fe3e6ba85cbb8a47f6150b432129ce94ab149ef8ecd538d4804de719e879d49fd3f7dffc8a83c0e74be661059fc95e55690531e4fbaca5b657fc64401c79e
SSDEEP

12288:CX65+PTFaMhDlrgwvLPjEszpxL/NIKwd68eOP8qCa6DjbwLKQdfEWmj:CX6MRaMhprg0PwszpxD2Rk8eOP8qCBjr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2224	2148	rundll32.exe	30
PID 2148 wrote to memory of 2224	2148	rundll32.exe	30
PID 2148 wrote to memory of 2224	2148	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lib\freetype.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2148 -s 80
  2⤵
  PID:2224