5b5b86753588423acf19ce83963a7b5201515a2e9e36e3da961a9493160c2c70

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 11:56

Target

5b5b86753588423acf19ce83963a7b5201515a2e9e36e3da961a9493160c2c70N.dll
Size

140KB
MD5

79a16a1438fdeb3bab329ebb19a6aa60
SHA1

908a0801e37d3bc60697f5098435c63166b343f0
SHA256

5b5b86753588423acf19ce83963a7b5201515a2e9e36e3da961a9493160c2c70
SHA512

51667f7ffc6fbe520c558e899f6745c749aac93eb1df655e6c6af3db4a2690c86677d16747660c5579ea9cbd7588ddd00d17e514836112431c70e83169bbf136
SSDEEP

3072:NBOiToirOM2SOie+26mw2wmreDv6QAckxgl:NBAird2SOi/mw2wKFck2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b5b86753588423acf19ce83963a7b5201515a2e9e36e3da961a9493160c2c70N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1056 -s 88
  2⤵
  PID:1256