6fa5054b762b2e2b15b27e5a01e81a92d8f9af41216f1e2d35d797903289e215

Analysis

Target

6fa5054b762b2e2b15b27e5a01e81a92d8f9af41216f1e2d35d797903289e215.dll
Size

1.3MB
MD5

9ffac7533cb82db816f39c5595201658
SHA1

148f35a1fdf7d62401910f25123ee50f4d534bdb
SHA256

6fa5054b762b2e2b15b27e5a01e81a92d8f9af41216f1e2d35d797903289e215
SHA512

c72cba78fff45360335269681f13a2569d084f766e378d25cc6ce713504ecc62a6b3a3f1362b636f2d600db2df900ff853c5a9efdc8d72200842662199ed58a8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1996	2044	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 2044	1468	rundll32.exe	27
PID 1468 wrote to memory of 2044	1468	rundll32.exe	27
PID 1468 wrote to memory of 2044	1468	rundll32.exe	27
PID 1468 wrote to memory of 2044	1468	rundll32.exe	27
PID 1468 wrote to memory of 2044	1468	rundll32.exe	27
PID 1468 wrote to memory of 2044	1468	rundll32.exe	27
PID 1468 wrote to memory of 2044	1468	rundll32.exe	27
PID 2044 wrote to memory of 1996	2044	rundll32.exe	28
PID 2044 wrote to memory of 1996	2044	rundll32.exe	28
PID 2044 wrote to memory of 1996	2044	rundll32.exe	28
PID 2044 wrote to memory of 1996	2044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6fa5054b762b2e2b15b27e5a01e81a92d8f9af41216f1e2d35d797903289e215.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6fa5054b762b2e2b15b27e5a01e81a92d8f9af41216f1e2d35d797903289e215.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 308
    3⤵
    - Program crash
    PID:1996

memory/2044-55-0x00000000752D1000-0x00000000752D3000-memory.dmp

Filesize
8KB

Download