eeeea84d707a2bacef580c40d07fceec71a7dc22b9a19c37d2acb4c4b2691275

Analysis

max time kernel
40s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/09/2022, 04:59

Target

eeeea84d707a2bacef580c40d07fceec71a7dc22b9a19c37d2acb4c4b2691275.dll
Size

640KB
MD5

bae6d8ef445aceee18fd8819b3e2c323
SHA1

907253ed246ba260f771bdb920030577d19c01d1
SHA256

eeeea84d707a2bacef580c40d07fceec71a7dc22b9a19c37d2acb4c4b2691275
SHA512

58bd320a6774ec615906d20d39f541c7098bceaa6885fc9cfbd0fecc408508c1a9e5e1af4ec50652f337a39fe8d78b2f8ae35f54d29b7bd7c2a4102427224650
SSDEEP

12288:ZVqbxK2ChJ9dXEJ7R2tyQAqGLugLQHiippcT1sSVK/5A77eWVb/UmlWiP:ZVqeJgGZG/LUPppcRXuA77eWVAmlWiP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1992	1856	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1856 wrote to memory of 1992	1856	rundll32.exe	28
PID 1856 wrote to memory of 1992	1856	rundll32.exe	28
PID 1856 wrote to memory of 1992	1856	rundll32.exe	28
PID 1856 wrote to memory of 1992	1856	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eeeea84d707a2bacef580c40d07fceec71a7dc22b9a19c37d2acb4c4b2691275.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eeeea84d707a2bacef580c40d07fceec71a7dc22b9a19c37d2acb4c4b2691275.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 256
    3⤵
    - Program crash
    PID:1992

memory/1856-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download