2c61dde5725a101730875651c73edeafab4ffb4b1992413946f22df16387b3a4

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
05/03/2025, 20:45

Target

2c61dde5725a101730875651c73edeafab4ffb4b1992413946f22df16387b3a4.dll
Size

271KB
MD5

b44b3d9ccfae48f868ee02ea90b10410
SHA1

a2dfb716051e8dd0e9e5de3b9e3cd57fba26f39b
SHA256

2c61dde5725a101730875651c73edeafab4ffb4b1992413946f22df16387b3a4
SHA512

61261dbd7f0668e29162b3313c85171acb50070b419be3f0806f7d8f1c9935e1ea94cb4777c2a261b10b98d80d717b47586fa2a6f432b320a39f007a4496391b
SSDEEP

6144:359gMgmoFw5553f2R6QoKBTad4cuDQR4Uxrt1VJ:3rgMgm+w7diouERj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2308	2188	rundll32.exe	30
PID 2188 wrote to memory of 2308	2188	rundll32.exe	30
PID 2188 wrote to memory of 2308	2188	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c61dde5725a101730875651c73edeafab4ffb4b1992413946f22df16387b3a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2188 -s 144
  2⤵
  PID:2308