fa49ae1962f00972098684f4a2cc602cfabffbac507410d594c604903e3f420a

Analysis

max time kernel
41s
max time network
119s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-10-2022 18:53

Target

368-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

84181a1191556f48a7dcdd53642658da
SHA1

4f3df460195d1adf0b69e8471c940b9e3f0b7c65
SHA256

fa49ae1962f00972098684f4a2cc602cfabffbac507410d594c604903e3f420a
SHA512

df0ec6d9834cc11255c8183731c6bc5d6a399d0957135ffc1c252591309840c3466066e181b6bd384afda69aedb098d4604224e8084a14e1ba9f4f055008a39c
SSDEEP

192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwz0XBAQYfPq/3Kb4:h1Mf0gJSix2AA56RCiZVcGQYnq/6b

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1836 1760 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1836	1760	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1760 wrote to memory of 1836	1760	rundll32.exe	WerFault.exe
PID 1760 wrote to memory of 1836	1760	rundll32.exe	WerFault.exe
PID 1760 wrote to memory of 1836	1760	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\368-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1760

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1760 -s 56
2⤵
- Program crash
PID:1836