3031a1468b031e4c63ac0b808e4b50a56022f9ec9619cae85203e6998d479ead

Analysis

max time kernel
19s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 14:44

Target

1ef0dff3f9d47b8e90df4ce8b6698db0N.dll
Size

643KB
MD5

1ef0dff3f9d47b8e90df4ce8b6698db0
SHA1

48057c07fdca9f96217a97156f7c7cb51bfe4076
SHA256

3031a1468b031e4c63ac0b808e4b50a56022f9ec9619cae85203e6998d479ead
SHA512

84fd5ddc1b97a770e62aaebc2225efa5295bb801320fd63901112c61dc4c79e19818dda466e6df01ea1aff95dd6b8c7364359d7d66e4261903b4ff228c5b180d
SSDEEP

6144:+YwDS9N+qVGUdofd85fOj0nFhAT/PAXir/eAqZfCbvnPm0CF:+nDSvbGUafdEOj0nFhQPnhuyXm0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2712	2220	rundll32.exe	30
PID 2220 wrote to memory of 2712	2220	rundll32.exe	30
PID 2220 wrote to memory of 2712	2220	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ef0dff3f9d47b8e90df4ce8b6698db0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2220 -s 156
  2⤵
  PID:2712