e22ec4285ec368716db5cc0e1cb62a9a0f235d1a3819a8fa72bd0b2c7f62b5b4

Analysis

max time kernel
41s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 17:32

Target

e22ec4285ec368716db5cc0e1cb62a9a0f235d1a3819a8fa72bd0b2c7f62b5b4.dll
Size

526KB
MD5

28e958d1227da1672808c80b069fe116
SHA1

0fe229c8b5dca6d1582f60c42cad535e2afaa9a8
SHA256

e22ec4285ec368716db5cc0e1cb62a9a0f235d1a3819a8fa72bd0b2c7f62b5b4
SHA512

82a45921901ff8942094b1e1fb1e25d3069646b2f695276d0e8be502ad3f5f4f1128f790e207cd0510fe951d01ca0b4c63676f269301608578ec217d1cf71097
SSDEEP

12288:7kBXVZuMGmzfGRjtcLK2fW77b7m/tC1lCWZUmqoz:wxE2L63m1iH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1280	964	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 964	896	rundll32.exe	28
PID 896 wrote to memory of 964	896	rundll32.exe	28
PID 896 wrote to memory of 964	896	rundll32.exe	28
PID 896 wrote to memory of 964	896	rundll32.exe	28
PID 896 wrote to memory of 964	896	rundll32.exe	28
PID 896 wrote to memory of 964	896	rundll32.exe	28
PID 896 wrote to memory of 964	896	rundll32.exe	28
PID 964 wrote to memory of 1280	964	rundll32.exe	29
PID 964 wrote to memory of 1280	964	rundll32.exe	29
PID 964 wrote to memory of 1280	964	rundll32.exe	29
PID 964 wrote to memory of 1280	964	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e22ec4285ec368716db5cc0e1cb62a9a0f235d1a3819a8fa72bd0b2c7f62b5b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e22ec4285ec368716db5cc0e1cb62a9a0f235d1a3819a8fa72bd0b2c7f62b5b4.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:964
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 256
    3⤵
    - Program crash
    PID:1280

memory/964-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/964-56-0x0000000000870000-0x00000000008F6000-memory.dmp

Filesize
536KB

Download
memory/964-60-0x00000000007D0000-0x0000000000835000-memory.dmp

Filesize
404KB

Download