7c5049b97fb6065b0797da5eca6c94578478cd87e4ae176c68a8bf17f6b03d4a

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07-01-2025 00:04

Target

dll/libvorbisfile_64.dll
Size

47KB
MD5

2c19065471fc5fe94399a233c254ca85
SHA1

ccae392ee05330cae52a6655855947dc70e74be3
SHA256

e24a43d6b0e61875c4d46570d5e38ac3329dd42c0857d0935439d913aa3c17c8
SHA512

220cdba175d8321853087b82f22ebb8193dc90734f425ae7fc85da2bcf2007087b0c1863cbfd84f6c3a637e3752ac87ff255f792226d2be131e7a33837926971
SSDEEP

384:ke2rmsvpGwK9QaXYBZ9b/kwmVkSA3/pTNYTdk1aLPHXrgP7gpw5WOOBp8FJ6ki26:6nv89iBswdSAQS7kWW/Bes2Mg62Ep

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2860	1868	rundll32.exe	30
PID 1868 wrote to memory of 2860	1868	rundll32.exe	30
PID 1868 wrote to memory of 2860	1868	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dll\libvorbisfile_64.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1868 -s 80
  2⤵
  PID:2860