244509ec1a0adbeac56f2ab4307ba58c75a733e5b547e0891ae33340c82343c6

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 19:20

Target

244509ec1a0adbeac56f2ab4307ba58c75a733e5b547e0891ae33340c82343c6.dll
Size

415KB
MD5

908f785ec66b48808d1cd9fc775efe3f
SHA1

0ac205d041be1fbbf03829c5d3abfeb9d2503098
SHA256

244509ec1a0adbeac56f2ab4307ba58c75a733e5b547e0891ae33340c82343c6
SHA512

26722524bc51fcecbdbea21aa01dca7f7cd22a06fd4cdfcefbedba284e58b62425c4743a4d4d4b295ff0b6f68e852445f8ffc8ee672fc00a15c3726c30ff744c
SSDEEP

6144:NFqNk/Y2WIDoHuE+uslD7pPuumIgz9st3NWSvrtxD9C4ckCDUDEris60LEdqUhK9:Hqj26uRlRP1B3N/rn/ckk60LEdqUE9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 640	2540	rundll32.exe	29
PID 2540 wrote to memory of 640	2540	rundll32.exe	29
PID 2540 wrote to memory of 640	2540	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\244509ec1a0adbeac56f2ab4307ba58c75a733e5b547e0891ae33340c82343c6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2540 -s 80
  2⤵
  PID:640