7d7b9506ac00116db07a14cacb93713f2a50c07d68803ffaa9a285d102e58113

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/08/2024, 23:06

Target

7d7b9506ac00116db07a14cacb93713f2a50c07d68803ffaa9a285d102e58113.dll
Size

1.7MB
MD5

af8b0222410fb6676b94fd0c00707c67
SHA1

40a3460007e3909caec4c8f481cf902a10a50a03
SHA256

7d7b9506ac00116db07a14cacb93713f2a50c07d68803ffaa9a285d102e58113
SHA512

45f8b9e9a22d2a90da7c27aa5623ec912724b0c2e1115f1411a7e91707c3202e42d83475b83bc4e729ef50c5a29251bf7f598405f7349ef007449fa85d8d9322
SSDEEP

24576:SYF99VtJ4cbk0RKgihoUUOZ8RGFHEOtQjZRKQTtu/ILz1dcdbp5h:F9tbk0RKL38RGF2jZBw9pP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2652	2724	rundll32.exe	30
PID 2724 wrote to memory of 2652	2724	rundll32.exe	30
PID 2724 wrote to memory of 2652	2724	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d7b9506ac00116db07a14cacb93713f2a50c07d68803ffaa9a285d102e58113.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2724 -s 80
  2⤵
  PID:2652