3db2c1f543f255d87c37c3faa0dc3c4e20e0e939a20c58db4efad1bab9b55e9a

Analysis

max time kernel
121s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 19:02

Target

zen.win-specific\zen\msvcp140.dll
Size

549KB
MD5

03aaa9d4284dac195f66435836f42b99
SHA1

8d91b4863f4382783825d7e282a466675565a0d6
SHA256

aa72ab084da6f07411546c5073bd89f5a463cd18daca910b8c6f16f18976f747
SHA512

43b39a5fec54312f0f2c2897b1aebb3a7e55b3172709da04dc25565e115ab0af3501f016e70b021e1f550c60349b4e8b18fe9e4fd87a0535428de7da6001202c
SSDEEP

12288:EPeu+VwM4PRpJOc8hdGE0bphVSvefIJQEKZm+jWodEEVwDae:OqwpzSFJQEKZm+jWodEEqT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 552 wrote to memory of 868	552	rundll32.exe	WerFault.exe
PID 552 wrote to memory of 868	552	rundll32.exe	WerFault.exe
PID 552 wrote to memory of 868	552	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\msvcp140.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:552
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 552 -s 84
  2⤵
  PID:868