fe6531d4c558468fd3ee617c93d14a1006af2c088d6fbc23c9660a77592e30ed

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 09:01

Target

fe6531d4c558468fd3ee617c93d14a1006af2c088d6fbc23c9660a77592e30ed.dll
Size

473KB
MD5

87db44a4b6f66ede12c38f4cfdc53cfa
SHA1

dd660f3a830a403c450601a09abfdb8389bf2f32
SHA256

fe6531d4c558468fd3ee617c93d14a1006af2c088d6fbc23c9660a77592e30ed
SHA512

c635ee6b5745ba7929afa36d0464ed63fdf3444fbf028a15ece6f5a3358be95b600f54d051a2dca27ff2ce7a0469aa96d07fbda81f1ecb8bab8a14098007b81b
SSDEEP

12288:98VRHw8I16uB4U33kLiSJ14NECsPrMASVf:98fHwDRB4U33k31TCdVf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2388	1860	rundll32.exe	30
PID 1860 wrote to memory of 2388	1860	rundll32.exe	30
PID 1860 wrote to memory of 2388	1860	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe6531d4c558468fd3ee617c93d14a1006af2c088d6fbc23c9660a77592e30ed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1860 -s 80
  2⤵
  PID:2388

memory/1860-1-0x000007FEFD461000-0x000007FEFD462000-memory.dmp

Filesize
4KB

Download
memory/1860-0-0x000007FEBD450000-0x000007FEBD460000-memory.dmp

Filesize
64KB

Download