d915d359598f55342d3b0675bb1174044ca8a3d0403fb2dd147a40614d74be14

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27-09-2022 20:45

Target

1184-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

5b051d9c7b0b7ba2b45017edb6130dfc
SHA1

64ca9a4f54d367aa0a69840fe557d59f170ca6c2
SHA256

d915d359598f55342d3b0675bb1174044ca8a3d0403fb2dd147a40614d74be14
SHA512

884490fc842122d5af4c33468a42617131a83a30d6a2633f89a8ad9c4959e501e098464c061823fc690e7c825fda0f73f64f7f41cf94180f3a92408793762dc1
SSDEEP

192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgw7gXBAQYfPq/3Kb:h1Mf0gJSix2AA56RCiZVoGQYnq/6b

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1160 1712 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1160	1712	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1712 wrote to memory of 1160	1712	rundll32.exe	WerFault.exe
PID 1712 wrote to memory of 1160	1712	rundll32.exe	WerFault.exe
PID 1712 wrote to memory of 1160	1712	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1184-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1712 -s 56
2⤵
- Program crash
PID:1160