ecae5d7bab35f6e17dc95ed17439a7aec4a74b5bd0dd45f839b27d0be458e1b8

Analysis

max time kernel
110s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 09:26

Target

506decc74d25c95bbc406b31b4dcab40N.dll
Size

132KB
MD5

506decc74d25c95bbc406b31b4dcab40
SHA1

294aaa4bf0b584001c90d469b57dabcf356afb40
SHA256

ecae5d7bab35f6e17dc95ed17439a7aec4a74b5bd0dd45f839b27d0be458e1b8
SHA512

d1c3eb051c5dcbe337a00dceac05f508f8d42073d570b98abe2c8454b458912e7f24fd8db03e2c819e20d89568b4a4ac2b04f65ece44915b93387cca81ae3225
SSDEEP

1536:8FBLUo8M/QPYC0B99gbNhugMS5i1bUiIfD027X20Z5Jev04sWusd09dlYcbcav6b:wGo8MYmB99SrtM0ieiG027XM8mMu0ca

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2380	2544	rundll32.exe	30
PID 2544 wrote to memory of 2380	2544	rundll32.exe	30
PID 2544 wrote to memory of 2380	2544	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\506decc74d25c95bbc406b31b4dcab40N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2544 -s 100
  2⤵
  PID:2380

memory/2544-0-0x000007FEBE480000-0x000007FEBE490000-memory.dmp

Filesize
64KB

Download
memory/2544-1-0x0000000037A40000-0x0000000037A50000-memory.dmp

Filesize
64KB

Download
memory/2544-3-0x0000000077A00000-0x0000000077BA9000-memory.dmp

Filesize
1.7MB

Download
memory/2544-2-0x0000000077A51000-0x0000000077A52000-memory.dmp

Filesize
4KB

Download
memory/2544-4-0x0000000077A00000-0x0000000077BA9000-memory.dmp

Filesize
1.7MB

Download
memory/2544-5-0x00000000FF170000-0x00000000FF17F000-memory.dmp

Filesize
60KB

Download