4af97f359c0001cb6ff0ec2eb8c2893a9e8c96134e026fa35b0f04bbc299a7f9

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 21:31

Target

S0laradD/locales/resources/app.asar.unpacked/node_modules/vibrancy-win/binding.dll
Size

118KB
MD5

6c12c930f974e5bc7872b58964f42359
SHA1

805c5c899c32535d2ee8b2bc12deefe5fdaae566
SHA256

094bfeb0692885f1e56bb363e1065099eab48a7988c8603fd6a3fb49ec88b09c
SHA512

f46c416e3f33e0526c2d4cb3df738f7c9b11fece350b90ca9613e5d86bae7a363dd20b80d62f5745a9d51773b655199537b09fcf47acf226f35002f39f1596d3
SSDEEP

3072:/WKjx2yp1tLqA1HB4kdeRqGmX5EMMi6leGS:3xBPVf1HB4kER4UFhS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2228	2296	rundll32.exe	28
PID 2296 wrote to memory of 2228	2296	rundll32.exe	28
PID 2296 wrote to memory of 2228	2296	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\S0laradD\locales\resources\app.asar.unpacked\node_modules\vibrancy-win\binding.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2296 -s 156
  2⤵
  PID:2228