14845a0ffcdb24e4a30bbb64a51400e1dfbcbd67c78399da5a56242f9dc7b175

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:06

Target

14845a0ffcdb24e4a30bbb64a51400e1dfbcbd67c78399da5a56242f9dc7b175.dll
Size

1.2MB
MD5

d2bbd199868de5ca06e93ecdc8e14ff3
SHA1

d7335736dab4c77dec298153ff879f435b1afbd8
SHA256

14845a0ffcdb24e4a30bbb64a51400e1dfbcbd67c78399da5a56242f9dc7b175
SHA512

a1b9b3a4fd90327e3fa66f7eda279b2bc8ff16fad699750d04b5beffec67cbf82d53753d33026262e7ed1848e74fcef0c990438a196d1413a4eae10261d67816
SSDEEP

24576:v2zijmhY7UcwPwxbFNbnMH3TOBXYYTe/ypvE/WsjzZEv5dRaseJ8:v2zhcwoxbFN7y3UEKpEKv5dRasem

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2752	2708	rundll32.exe	30
PID 2708 wrote to memory of 2752	2708	rundll32.exe	30
PID 2708 wrote to memory of 2752	2708	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14845a0ffcdb24e4a30bbb64a51400e1dfbcbd67c78399da5a56242f9dc7b175.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2708 -s 148
  2⤵
  PID:2752