8064ae1cf196a7651b4d10c519ec89180dae6d16d602f8549692a70b050e9c82

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 06:15

Target

8064ae1cf196a7651b4d10c519ec89180dae6d16d602f8549692a70b050e9c82.dll
Size

1.3MB
MD5

37ed0308109d6524658df709e9dd2bea
SHA1

feb16fe282e86f85ec288cd3e8f6ffa398a1dec1
SHA256

8064ae1cf196a7651b4d10c519ec89180dae6d16d602f8549692a70b050e9c82
SHA512

b7fcaf537c2b4872c9e72fa6d46898516ce2546b13949f606b1a887567066a578ea737618fd00576bad255cd403af5886f1d6d4e38902eed89f9d4b4d1ebe402
SSDEEP

24576:n1FCKisuEMfumVLFMnGC786ZQkh4lZ181gUOrPdIdH6:HCRsuOsunGC7jXIZWkrPdUH6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 1236	1968	rundll32.exe	30
PID 1968 wrote to memory of 1236	1968	rundll32.exe	30
PID 1968 wrote to memory of 1236	1968	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8064ae1cf196a7651b4d10c519ec89180dae6d16d602f8549692a70b050e9c82.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1968 -s 132
  2⤵
  PID:1236