4d52df2d0ff8d67e5cc5079c7d97977da2e6af0fbd4728a3c9a1981dabcde0f2

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 19:01

Target

1488-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

5f5ff92604457e3e5d611cbb1cf28aed
SHA1

81abfae21a072dbf308673b23f6d3508c3cbe2c3
SHA256

4d52df2d0ff8d67e5cc5079c7d97977da2e6af0fbd4728a3c9a1981dabcde0f2
SHA512

c4cf472af361947025ab1737109edf8bd118064ddebf802d73e9f3c9dfb15968d83143cbdb5aabd30f75b2244eefe735e1dda013e61543c0dca6d75b43d9ed44
SSDEEP

192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwuL3XBAQYfPq/3Kb:h1Mf0gJSix2AA56RCiZVAbGQYnq/6b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1524	1288	WerFault.exe	16

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 1524	1288	rundll32.exe	27
PID 1288 wrote to memory of 1524	1288	rundll32.exe	27
PID 1288 wrote to memory of 1524	1288	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1488-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1288 -s 56
  2⤵
  - Program crash
  PID:1524