7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574

Analysis

max time kernel
102s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 18:17

Target

7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574.dll
Size

328KB
MD5

595b59bbab5579bab0de553939cadde0
SHA1

12a00978aad180de7758c86de0a2bd53b7962cb4
SHA256

7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574
SHA512

13c7a270e0823b3ff8cd72312098ce446cc39bb4ec27cd97c435ead13890772150f428da655e06503032c4cc0d7d6e4e0b8dee5cffb11573c96b21204d60dddf
SSDEEP

6144:piNrTigFoCmqkge1TcTX5JE0Ax7VjzgaXTALneyxFU4P7aG8vTS7MC:gNftwgedcTXEzx7Vj0wTAjRb+vu7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4544	2700	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 2700	3368	rundll32.exe	78
PID 3368 wrote to memory of 2700	3368	rundll32.exe	78
PID 3368 wrote to memory of 2700	3368	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574.dll,#1
  2⤵
  PID:2700
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 544
    3⤵
    - Program crash
    PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2700 -ip 2700
1⤵
PID:712

memory/2700-133-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download