3e08418b83a1e91d2b6e411ae50c2a5f155fd82d2e3adfde9c529f5a89a31407

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
07/02/2025, 18:44

Target

3e08418b83a1e91d2b6e411ae50c2a5f155fd82d2e3adfde9c529f5a89a31407.dll
Size

2.1MB
MD5

bf4d724fb025b1bf6679b1a7eb99326d
SHA1

2283325ae439d965b92cbd72f08dfd9ad73ac3ea
SHA256

3e08418b83a1e91d2b6e411ae50c2a5f155fd82d2e3adfde9c529f5a89a31407
SHA512

6e087ae03cdb6d50387a078dd62e2249b4d8bbc661acf62d4d35c63032a2573a227b4da288b4cf8722c21c894361671a6255659d66fbeabed7ed2f4bc15d406a
SSDEEP

49152:bGgJ3vE7rwsY5+a+h1cHkUnl/u9Zx/PgxeAaE/PgTnvrG:NavI5+qHxsgxeAforG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2824	2796	rundll32.exe	30
PID 2796 wrote to memory of 2824	2796	rundll32.exe	30
PID 2796 wrote to memory of 2824	2796	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e08418b83a1e91d2b6e411ae50c2a5f155fd82d2e3adfde9c529f5a89a31407.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2796 -s 56
  2⤵
  PID:2824