5c73fd0836fe5cdfda77d855f6d21b013222ad4c18d84dca1650bac556039898

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
10-10-2022 13:51

Target

3700-178-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

f3a26bba93a7bc38b371cd1a40bea277
SHA1

f23277b0b85903470d3b7852274086d34205fa3c
SHA256

5c73fd0836fe5cdfda77d855f6d21b013222ad4c18d84dca1650bac556039898
SHA512

11154fbb5c174e51d83c3d585839c115b82405f356a5089bcf9f8bd166e2b125f3724ee71b6d04247987ffd6e3a2862ba8afcb94255325dd0a60528b09242b79
SSDEEP

192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwBwXBAQYfPq/3Kb:h1Mf0gJSix2AA56RCiZVCGQYnq/6b

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1720 1712 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1720	1712	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1712 wrote to memory of 1720	1712	rundll32.exe	WerFault.exe
PID 1712 wrote to memory of 1720	1712	rundll32.exe	WerFault.exe
PID 1712 wrote to memory of 1720	1712	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3700-178-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1712 -s 56
2⤵
- Program crash
PID:1720