7a6198fb881f8c76bed0e51021641deb35a8cedc4206eef5e9b16fb7f91d86be

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
07/02/2025, 18:37

Target

7a6198fb881f8c76bed0e51021641deb35a8cedc4206eef5e9b16fb7f91d86be.dll
Size

2.1MB
MD5

23168ee520a8310904339a8fd587c1e6
SHA1

97a5dff29de6f8c8cf150943bbaa72adffc98bb0
SHA256

7a6198fb881f8c76bed0e51021641deb35a8cedc4206eef5e9b16fb7f91d86be
SHA512

8e1c45e5daa9627a34cb680eb7d2059bca2870967c8639d1cac2b65ecc2445006d14d7618c02afd1872b5f811435728aa8d78222b37bbc74eb78aac6e60f148b
SSDEEP

49152:bGgJ3vE7rwsY5+a+h1cHkUnl/u9Zx/PgxeAaE/PgT5MrG:NavI5+qHxsgxeAfdrG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2980	2836	rundll32.exe	30
PID 2836 wrote to memory of 2980	2836	rundll32.exe	30
PID 2836 wrote to memory of 2980	2836	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a6198fb881f8c76bed0e51021641deb35a8cedc4206eef5e9b16fb7f91d86be.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2836 -s 52
  2⤵
  PID:2980