6e873c8967ce2408fd4a5235e34ed3881ebd910163cd30577a4064ff23cdb5ab

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 04:36

Target

6e873c8967ce2408fd4a5235e34ed3881ebd910163cd30577a4064ff23cdb5ab.dll
Size

142KB
MD5

6dfb489ce05763379002de5931e3b0a1
SHA1

45f2ea0ba5585611022c831bfc654cd721794e7b
SHA256

6e873c8967ce2408fd4a5235e34ed3881ebd910163cd30577a4064ff23cdb5ab
SHA512

7134f738942a22bf8bb0c479fb374d9b359fef7d01a1eb49129dc8e47996ef7dc7ec27ff37f9e0ed7596b8754c564fbd2c4603647c181aff6486b823d07933e4
SSDEEP

3072:l1JaLxYcDiPh9wI8bz2/yp4UcGy4ivDhFiD:l1Uxghixz2/yp4UcGyLhFiD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1644	1700	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1700 wrote to memory of 1644	1700	rundll32.exe	28
PID 1700 wrote to memory of 1644	1700	rundll32.exe	28
PID 1700 wrote to memory of 1644	1700	rundll32.exe	28
PID 1700 wrote to memory of 1644	1700	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e873c8967ce2408fd4a5235e34ed3881ebd910163cd30577a4064ff23cdb5ab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e873c8967ce2408fd4a5235e34ed3881ebd910163cd30577a4064ff23cdb5ab.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
    3⤵
    - Program crash
    PID:1644

memory/1700-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download