3b597177566d034e98bdfc5e336473d974c0edf89ffcb3369583121399b46f3b

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 16:05

Target

3b597177566d034e98bdfc5e336473d974c0edf89ffcb3369583121399b46f3b.dll
Size

9KB
MD5

a10e8d45a7e898aba2d26f13a6dc26e0
SHA1

eb16a6734bfc0c9e70640af6a4d0fe0f1e748d46
SHA256

3b597177566d034e98bdfc5e336473d974c0edf89ffcb3369583121399b46f3b
SHA512

6c2b1c1e3fa7cd078bb8374f47b50c44a5fa060790791a53e46ede3526a60e0483e55c2ec631b106b8eb9a32af27f0b69a2cd5485afe51a16f737222731534eb
SSDEEP

192:cNo5kmXmEEnkITKoUBQIEtNvokhF5hDJtKfnv23qJthDNp0:y1mWEHI2oT7Nh9Dqv6qJtN70

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1588	1160	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1160	2000	rundll32.exe	27
PID 2000 wrote to memory of 1160	2000	rundll32.exe	27
PID 2000 wrote to memory of 1160	2000	rundll32.exe	27
PID 2000 wrote to memory of 1160	2000	rundll32.exe	27
PID 2000 wrote to memory of 1160	2000	rundll32.exe	27
PID 2000 wrote to memory of 1160	2000	rundll32.exe	27
PID 2000 wrote to memory of 1160	2000	rundll32.exe	27
PID 1160 wrote to memory of 1588	1160	rundll32.exe	28
PID 1160 wrote to memory of 1588	1160	rundll32.exe	28
PID 1160 wrote to memory of 1588	1160	rundll32.exe	28
PID 1160 wrote to memory of 1588	1160	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b597177566d034e98bdfc5e336473d974c0edf89ffcb3369583121399b46f3b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b597177566d034e98bdfc5e336473d974c0edf89ffcb3369583121399b46f3b.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1160
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 236
    3⤵
    - Program crash
    PID:1588

memory/1160-55-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download
memory/1160-57-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download