03e7cb9e6bdcc56672d4f02c05669f5b8c64d3b90dc8a25bb3fb4e3de38f2aca

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-11-2024 02:02

Target

clocktuner-ryzen-2-1/libgmp-10.dll
Size

1.0MB
MD5

59dfe3c1a7a1932f2a4eaae5de2b2dd6
SHA1

875dd54d0d5a5bd37c892f9fc06a85f4ca45d8e5
SHA256

03e18f1d63a8748d5c4caba2d26bc87f9347c3d033d4674d14c43d4553bda912
SHA512

c62dfb6c12acadc22a9e92913192fda4ab7547ddae737af4ad9c1898fe8d8d3d86b4f94b2c04de400fc53e00fdda711ac8e01783c5eb8f0595af7a1497c3bb29
SSDEEP

12288:/ZELbkK8G1wIHwG/JtGXiL4U+KUiJl4pMN1HH4Fx69H2x/VG6VA2LF:h4ING1bKiHEwMMN1HH4Fx692x/Vq2LF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 2692	816	rundll32.exe	31
PID 816 wrote to memory of 2692	816	rundll32.exe	31
PID 816 wrote to memory of 2692	816	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\clocktuner-ryzen-2-1\libgmp-10.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:816
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 816 -s 80
  2⤵
  PID:2692

memory/816-0-0x000000006ACC0000-0x000000006AD99000-memory.dmp

Filesize
868KB

Download