d603137c0fa78fad4cf0f80498fddb7eb0e8f115a9d360e9ec88d21cbbeb6944

Resubmissions

29/07/2024, 02:56

28/07/2024, 16:23

max time kernel
117s
max time network
133s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/07/2024, 16:23

Target

clrgc.dll
Size

650KB
MD5

107332498bbd353c98eaaede29cd0f02
SHA1

81232df967bcb16c073ea69a7405ac7b67613f8a
SHA256

dcd41cbd6dfa262bbd00ad3afaaf93ee5fc185c58a9dfb97ca1975aa367f9f2a
SHA512

1c2d6ef3c0e63d376a95de2403fee395c22d8d783f2956a8cc164514a51d85f5a768f0977939a490d1358cafe268703c374cf789056b8094d68d6ae237f98150
SSDEEP

6144:zASNUjAma1XYwwgbL+08M9Lm5e8oMKVz6m/iIF9iZkFFMFVge5HX8l/G/QqjgDud:0Smjba1XYwsMA5gMsPQkFgLZX8lyXjg8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 1708	1596	rundll32.exe	30
PID 1596 wrote to memory of 1708	1596	rundll32.exe	30
PID 1596 wrote to memory of 1708	1596	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\clrgc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1596 -s 88
  2⤵
  PID:1708