7bc23223c8f81d70c230ceac3deb05670e9778974fd285b8cae1e693c2367de4

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 12:15

Target

DontBearWithCheaters/execution.dll
Size

1.3MB
MD5

c5f72cba67c646699f1eae560c68526e
SHA1

5878c0ee13aee3f6c9b2954c03ebfeb9fd2daeaa
SHA256

c9ca1b4914495015ff1c4987cef248df97c743242f5c498a1bd07786d508abdc
SHA512

de2ca2706f939ce659bbd5182c080716d0fb23f18a3a9e2e4c1a500dc6b42ec516b83dde565202243ff827e14ed5b7dc5f1c43b47224e00fa41976ff9443bb4f
SSDEEP

24576:dDTNKK87f4ZU2wWgRPcvtd5cqX0Inwpj4lHWALxycRy1g76yW6xnO:3nwl4l2ALNRyupxn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2812	2728	rundll32.exe	31
PID 2728 wrote to memory of 2812	2728	rundll32.exe	31
PID 2728 wrote to memory of 2812	2728	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DontBearWithCheaters\execution.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2728 -s 148
  2⤵
  PID:2812