608ceafc6eab8fa26cd5fb47a6276289b6bfb6a1ca5c2cdef82f91f9d2381e26

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 20:12

Target

608ceafc6eab8fa26cd5fb47a6276289b6bfb6a1ca5c2cdef82f91f9d2381e26.dll
Size

688KB
MD5

96e751d97f9213373b6232354189aec8
SHA1

4bd3693203af4c17b9484e6b8613a8637e1e3a0d
SHA256

608ceafc6eab8fa26cd5fb47a6276289b6bfb6a1ca5c2cdef82f91f9d2381e26
SHA512

49cff5c7387bd6886f26da95daf524a4f2605a77b58534f3a114c299618b937ff89b5f70a815981d74b0f3035378f219217fc256d6b9f42c442412bba8338ad1
SSDEEP

12288:iSxqoybrnqm4+UsM6tfgFU4KO+CDS+2kTyvjcrcCTWuWNyepHNyxgbyCBN:iSxqoybrnq49MRUe+CDS+2kTCKajNNt7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1160	1496	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1496 wrote to memory of 1160	1496	rundll32.exe	28
PID 1496 wrote to memory of 1160	1496	rundll32.exe	28
PID 1496 wrote to memory of 1160	1496	rundll32.exe	28
PID 1496 wrote to memory of 1160	1496	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\608ceafc6eab8fa26cd5fb47a6276289b6bfb6a1ca5c2cdef82f91f9d2381e26.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\608ceafc6eab8fa26cd5fb47a6276289b6bfb6a1ca5c2cdef82f91f9d2381e26.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
    3⤵
    - Program crash
    PID:1160

memory/1496-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1496-56-0x00000000003B0000-0x000000000045C000-memory.dmp

Filesize
688KB

Download
memory/1496-61-0x0000000000230000-0x00000000002B6000-memory.dmp

Filesize
536KB

Download