6248b8a119344adca3ef9f9b9c920dae32abb061e5e365c041a3f6650c5c9903

Analysis

max time kernel
15s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 01:28

Target

6248b8a119344adca3ef9f9b9c920dae32abb061e5e365c041a3f6650c5c9903.dll
Size

2.0MB
MD5

6e9ddad2af0bb95b241ac92bd07282d7
SHA1

fa35ba5239c7def50bd4b9481b3e7fcf4e44a218
SHA256

6248b8a119344adca3ef9f9b9c920dae32abb061e5e365c041a3f6650c5c9903
SHA512

dbf4f3c1b6f32f513c542b41852c7ae01eca7c60ae6b488e94c637c3ad3653ae8e10c6ac88e52502f00f8af1ed444620fa56908831deb52084774d4aba4d9d34
SSDEEP

49152:TCpkbw9OHhw1ywt/zJ4H0Jpms64B0WhKiDRsTmUnOJL+M:TN6AQ5Jpms698K8XLN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2604	2336	rundll32.exe	29
PID 2336 wrote to memory of 2604	2336	rundll32.exe	29
PID 2336 wrote to memory of 2604	2336	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6248b8a119344adca3ef9f9b9c920dae32abb061e5e365c041a3f6650c5c9903.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2336 -s 160
  2⤵
  PID:2604