6d11d8339ed8917190ba15dfbdf12c46d0a9d90b4b680edf54a8c65585e76e74

Resubmissions

26-11-2024 19:04

26-11-2024 19:02

max time kernel
90s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 19:04

Target

lua51.dll
Size

479KB
MD5

47885ad50b2f52aec010ea4416a99ffd
SHA1

19953daea1f663c1521deaeccff656cc110d6f8e
SHA256

88c5bfba7b487bc311d7bd5877f7ee7a7f8dae8347e19079c00ed79625055f67
SHA512

19476a1491d9321bb6cd2428ee1e0cb354e12fe27d43162f6bbe7765c8b24d185ce48f890ce6c7b1cd441b3cfce196f6304bdf2223e853d88e2b3272ac7a05a9
SSDEEP

6144:mGZD0cO8e7yGRJAtzlz0JeGn5yGClkcUxU+/vDLdmbePFOxEwZgOOVs+loxjsxVi:utZJAzzwnvdmblvjsxV+qPVqcSkBBt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2748 wrote to memory of 2532	2748	rundll32.exe	30
PID 2748 wrote to memory of 2532	2748	rundll32.exe	30
PID 2748 wrote to memory of 2532	2748	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2748 -s 80
  2⤵
  PID:2532