80212d56e02cbd5848880870d3702f3c1a8b5d15e0a320cc68c30cfb3e3c967b

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 12:35

Target

56aeba50c0d33a2b27b8c358d93db256d72a4c6896dcbe4e57e8380c99d93a74.dll
Size

256KB
MD5

649644093ab7a3820e0e28d839949218
SHA1

fb45e3e1f300199d76342028b9e59a785164ff30
SHA256

56aeba50c0d33a2b27b8c358d93db256d72a4c6896dcbe4e57e8380c99d93a74
SHA512

67057398097ff8a92c3be2043b48aee2f7deb1788aabe9a5ed3990f5b43d5bdeb82264fad902c9c3bb0043fc079408933661bb9e1306954eb1158b209f935ac3
SSDEEP

3072:4r+U7LVLn1BFdjGQX8dbDCRUCnhqxmTy1WOeJfUuIRrT10ZFPjEzcuT5cxAgYJuf:4r+USu+WOeOTCjLEIuTNg7W2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2840	2792	rundll32.exe	30
PID 2792 wrote to memory of 2840	2792	rundll32.exe	30
PID 2792 wrote to memory of 2840	2792	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\56aeba50c0d33a2b27b8c358d93db256d72a4c6896dcbe4e57e8380c99d93a74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2792 -s 104
  2⤵
  PID:2840