316f169de869e16b0abc875bb3d60fb13b3be8509455ae5ceb65b9e4ccfb348c

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 08:54

Target

PROCESO DEMANDA FRAUDE FISCAL/QtGuiVBox4.dll
Size

9.4MB
MD5

e74d017961a50822825aa733c6196efc
SHA1

4db6e896e19d43927377209b14e4abd928264671
SHA256

b13e868e0da8d43519b8694074bf70a8b90f9f1c27a89f168766f2fd435721be
SHA512

5750ff404c2835fb9df0512e1551b20b8f191280d8436fc196605931a40d8ca124a0e5686d9fe3a7b3dbd6cd9d81e13353a4d28d9669f859322ab66fe28cf8cf
SSDEEP

196608:xgPVEqXZkdKzT+G4VaA/rTOxdaOkjHtm9R+SyREiWI:xgdEqXZkdKzTF4VaA//OWOkjHtm9oSy1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2792	2720	rundll32.exe	31
PID 2720 wrote to memory of 2792	2720	rundll32.exe	31
PID 2720 wrote to memory of 2792	2720	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA FRAUDE FISCAL\QtGuiVBox4.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2720 -s 212
  2⤵
  PID:2792