721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605

Analysis

max time kernel
36s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 01:19

Target

721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605.dll
Size

101KB
MD5

719728ed5fbe276eba27164d225ba7c0
SHA1

df8da8d3d93635890157955e078fb66d316b4e88
SHA256

721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605
SHA512

2f3df322559b4e9fbc29ef61095f0c575932a30ec869e1590361ec5b288974d8f27bd0e08af7d92f89e2466caee34dee2ad21ca9e6475568e5c0eb51fded880f
SSDEEP

1536:Ge7i1cbcaD0KZqLCQ7jro+lfFQKt4v1uQU11dFfRD3qYKS7wGWk5Ma6Pznds3mwm:Gmi1MQKZWCQ9ltGYXdvzW3DyJSqel

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1236	1220	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 1220	892	rundll32.exe	27
PID 892 wrote to memory of 1220	892	rundll32.exe	27
PID 892 wrote to memory of 1220	892	rundll32.exe	27
PID 892 wrote to memory of 1220	892	rundll32.exe	27
PID 892 wrote to memory of 1220	892	rundll32.exe	27
PID 892 wrote to memory of 1220	892	rundll32.exe	27
PID 892 wrote to memory of 1220	892	rundll32.exe	27
PID 1220 wrote to memory of 1236	1220	rundll32.exe	28
PID 1220 wrote to memory of 1236	1220	rundll32.exe	28
PID 1220 wrote to memory of 1236	1220	rundll32.exe	28
PID 1220 wrote to memory of 1236	1220	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 288
    3⤵
    - Program crash
    PID:1236

memory/1220-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download
memory/1220-56-0x00000000746C0000-0x000000007472A000-memory.dmp

Filesize
424KB

Download
memory/1220-58-0x0000000074730000-0x000000007479A000-memory.dmp

Filesize
424KB

Download
memory/1220-59-0x00000000746C0000-0x000000007472A000-memory.dmp

Filesize
424KB

Download
memory/1220-60-0x0000000074730000-0x000000007479A000-memory.dmp

Filesize
424KB

Download
memory/1220-61-0x0000000074730000-0x000000007479A000-memory.dmp

Filesize
424KB

Download