54dee3dd5f14aba8b0d62ceaa419a777a3f1f070b49767f6545a2729ab65d3b1

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 17:27

Target

77e5ff1e4eff690fdcc6e0ba9877e1e6.dll
Size

3.6MB
MD5

77e5ff1e4eff690fdcc6e0ba9877e1e6
SHA1

721b9448b4e54046e156b8ad3b35a8833ecd5daf
SHA256

54dee3dd5f14aba8b0d62ceaa419a777a3f1f070b49767f6545a2729ab65d3b1
SHA512

dd853f675de53ae50ea1618c097a2acf2c332c9eb35efefbe6e2dc56eaf16b7ef4bde5f496fe3c16ec1a877cbd0865600ce78ee378a30f37bb9df010511cb686
SSDEEP

24576:6uMZRLX8+gpL/+2thqiWjJa9cRXtdN86CHXuPVvDVHBXVWcs+lwWTAYq3/ny1Ow+:6jZJ8+gpL/hWjoe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
780	900	WerFault.exe	26

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77e5ff1e4eff690fdcc6e0ba9877e1e6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 900 -s 84
  2⤵
  - Program crash
  PID:780