6c75e6a3fd8ab21468cc3b527a0d312a29a06f81c054f550a2b1ba8f6a0ffdd7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 01:10

Target

6c75e6a3fd8ab21468cc3b527a0d312a29a06f81c054f550a2b1ba8f6a0ffdd7.dll
Size

138KB
MD5

4e0e55e63170a9cac974ba47cbe5472c
SHA1

1c559f3c1c5c417a2e5a4e1cf0f148f89d124621
SHA256

6c75e6a3fd8ab21468cc3b527a0d312a29a06f81c054f550a2b1ba8f6a0ffdd7
SHA512

18ac21e2234b66068b2896b774a27765818ed82a28a041b44281766cc71935df819274970eb2009977cf5c93ce264ca478eeef37897fe5ccab361833b0f9ca1f
SSDEEP

3072:xth+MVUHGkuFdbunwvokl7iTeAmDBIT5aLPRkm:A0UHUruwvrFpITULRH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2968	1544	rundll32.exe	29
PID 1544 wrote to memory of 2968	1544	rundll32.exe	29
PID 1544 wrote to memory of 2968	1544	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c75e6a3fd8ab21468cc3b527a0d312a29a06f81c054f550a2b1ba8f6a0ffdd7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1544 -s 88
  2⤵
  PID:2968