b289ea0b20dec50003128814ed38147ec248865b098f17aa82daf0c40f7c5d21

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27-08-2024 07:08

Target

fixer/temp/OpenImageDenoise.dll
Size

47.5MB
MD5

43b8ae36fb551bb0226bb59cf21431ce
SHA1

a18980353bce3abb27d40ec1e17b4d25f155c30d
SHA256

11213c268e6c67262d48e7351e1f6c196acbb91a9a1cf059d4d758c34368f08a
SHA512

26e3a28976ad880bafb12eba9d2fd7cf86cb21dcde465094a78ccb6aad4e33b0465dd8fad7df7c36a2787cb94010768e2e4c403ef24e4de2cefa7eb77e3d55ba
SSDEEP

786432:hnytAKo2dZOplxaeiF9Oz6CJk9w5ksfQYOSCIAnrxeMMNKo6LnZyj4fm2YkLuyp0:MW3pqPFUzJgw5hfXOXHnrbMZOnC4fmtN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2160	2140	rundll32.exe	31
PID 2140 wrote to memory of 2160	2140	rundll32.exe	31
PID 2140 wrote to memory of 2160	2140	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fixer\temp\OpenImageDenoise.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2140 -s 80
  2⤵
  PID:2160