e94af43589322bc0b1ff6302f31833283bdf48896f2a5070d0ab742772f4204b

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-02-2025 18:39

Target

e94af43589322bc0b1ff6302f31833283bdf48896f2a5070d0ab742772f4204b.dll
Size

2.1MB
MD5

1ed3dedc0602c9827cafbf912435afd9
SHA1

1a4f9ea2af1e1d84d9f1b84edfd227f76358cfa6
SHA256

e94af43589322bc0b1ff6302f31833283bdf48896f2a5070d0ab742772f4204b
SHA512

1d26b3ee9fbfefec3e4413587db404a9e36ceeb83dac6446a8f747c9a9bb574d51aab862190ec0ed4ad2f16881eef58a8b4640d11dff627a057811fe5c44036f
SSDEEP

49152:bGgJ3vE7rwsY5+a+h1cHkUnl/u9Zx/PgxeAaE3PgTnvrG:NavI5+qHxsgxeAXorG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2052	3060	rundll32.exe	30
PID 3060 wrote to memory of 2052	3060	rundll32.exe	30
PID 3060 wrote to memory of 2052	3060	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e94af43589322bc0b1ff6302f31833283bdf48896f2a5070d0ab742772f4204b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3060 -s 52
  2⤵
  PID:2052