eec615eb17016d0a7819e2a0edda28f10b556a55301a37227c9ca08b405f46b0

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 16:25

Target

bink2w64.dll
Size

393KB
MD5

f295086ac5c055362c0020e3be202b45
SHA1

b9fede06aa071891af042656c15eb9d313de2017
SHA256

07d0ecef6373f2c1ef487f40c4e443b38d29ef5bdcf3a30f592870828706b243
SHA512

7a71329e0b620636dabc60c0e6c0a4182f15c1c90cc052d2eb5623e51b6c26c73c694585423f85ade68a3d9279c1fdbdd2ed9f1f4067349d6338248b749cb2f9
SSDEEP

6144:eVhkcO47b5zK93pr3b/xI9PTao7N7l2OrIVYLU8OFsUZs4SqpXHeRKKT5VP+Ry4y:eVhqJri92IIiLysp4Sqlq7VP+Ryp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2100	1788	rundll32.exe	30
PID 1788 wrote to memory of 2100	1788	rundll32.exe	30
PID 1788 wrote to memory of 2100	1788	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bink2w64.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1788 -s 120
  2⤵
  PID:2100