f21fc236f99382ba56941352a456882e65c4d99bcb9ce0094a0981920e9dba09

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 01:56

Target

Symbranchia/libgmp-10.dll
Size

619KB
MD5

819bc7486589d014d8fb07fa48fda00f
SHA1

0875f331bc35f31f90c8c6beae587118e3c74e82
SHA256

09a0f42528f124955dca1ff2905f04e8add2b490cd34d1743c175dddccfeb48a
SHA512

82ba377e0b991d691508b5f2f96b69932bb6a8c77c9e6c43cab869b8986fa1daaefe703b1725af08c83158bc838560799f426726b58f6d430bc068a5882f91ed
SSDEEP

6144:VqCGo2jbRSFZxZ3S9fO4yciqIJuYpvTHq7yXE/0vk5bBGslJ6NoUuUPaT1QANbr6:8Rsx8iP0/GkW/uUi6Al6G+Jh3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 2320	856	rundll32.exe	31
PID 856 wrote to memory of 2320	856	rundll32.exe	31
PID 856 wrote to memory of 2320	856	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Symbranchia\libgmp-10.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 856 -s 80
  2⤵
  PID:2320

memory/856-0-0x0000000074670000-0x0000000074711000-memory.dmp

Filesize
644KB

Download