4a5031f484168f79d78a45132bb34f1200791aba7438466aacf7583d11ca2ec8

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 14:39

Target

4a5031f484168f79d78a45132bb34f1200791aba7438466aacf7583d11ca2ec8.dll
Size

20KB
MD5

608f916cf368da077bce07e941f5bdb5
SHA1

98b155e82ed9c36166b08cb1f05df891a77cc494
SHA256

4a5031f484168f79d78a45132bb34f1200791aba7438466aacf7583d11ca2ec8
SHA512

f8d3383cada8c3fa28d720301a9cc110e8528d523aaafd17ca426e889a9bdad4921629d9851ef61b6ecf0abe5c1b24ad18fa784ec0fd60defb99f1380211b0dd
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0XplWCAu8UaWHuqaTlX0wG:zfYh2oCtpXPWx2OqaewG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1084	368	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
368	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 368 wrote to memory of 1084	368	rundll32.exe	28
PID 368 wrote to memory of 1084	368	rundll32.exe	28
PID 368 wrote to memory of 1084	368	rundll32.exe	28
PID 368 wrote to memory of 1084	368	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a5031f484168f79d78a45132bb34f1200791aba7438466aacf7583d11ca2ec8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a5031f484168f79d78a45132bb34f1200791aba7438466aacf7583d11ca2ec8.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 244
    3⤵
    - Program crash
    PID:1084

memory/368-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download