6b0c1b2f41972be5c78a9668b430b8414ef97f504e3ee104988ffbe602e92c91

Analysis

max time kernel
73s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 00:56

Target

6b0c1b2f41972be5c78a9668b430b8414ef97f504e3ee104988ffbe602e92c91N.dll
Size

4.8MB
MD5

5999c109d12e1feb2ffe8263f04d2920
SHA1

1fcacd5907d103962073ecac0a264ee262f4bee2
SHA256

6b0c1b2f41972be5c78a9668b430b8414ef97f504e3ee104988ffbe602e92c91
SHA512

aac80b34a9156116870663d9a63fcb3a03ace7b113baa7b9c88eafb669d4304c6f775422653ebdb6621e36c6d65fd1bee110fa9aa88b6193dd568be447436d02
SSDEEP

98304:BEo7Z3SHAqTgk8coH6RRIo3U9T09Bzj6dwm6S+wQIuzUv97Qhr52JUFF:B5Z3qAq0cth3U9u2Z6S3nuE9Mhb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2288	2352	rundll32.exe	31
PID 2352 wrote to memory of 2288	2352	rundll32.exe	31
PID 2352 wrote to memory of 2288	2352	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b0c1b2f41972be5c78a9668b430b8414ef97f504e3ee104988ffbe602e92c91N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2352 -s 608
  2⤵
  PID:2288

memory/2352-0-0x0000000001DD0000-0x0000000002885000-memory.dmp

Filesize
10.7MB

Download
memory/2352-1-0x0000000001DD0000-0x0000000002885000-memory.dmp

Filesize
10.7MB

Download
memory/2352-3-0x0000000001DD0000-0x0000000002885000-memory.dmp

Filesize
10.7MB

Download
memory/2352-2-0x0000000001DD0000-0x0000000002885000-memory.dmp

Filesize
10.7MB

Download
memory/2352-4-0x0000000001DD0000-0x0000000002885000-memory.dmp

Filesize
10.7MB

Download
memory/2352-8-0x0000000001DD0000-0x0000000002885000-memory.dmp

Filesize
10.7MB

Download