7ae456b4b63e1926dab6c045ced3b8f6e199c34ca74b90d9202add247cbbf490

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 12:43

Target

7ae456b4b63e1926dab6c045ced3b8f6e199c34ca74b90d9202add247cbbf490.dll
Size

238KB
MD5

a37a27793e1394ca9ece729d967617c0
SHA1

36bfb56756162c25fc387977f31afc4078d35d7d
SHA256

7ae456b4b63e1926dab6c045ced3b8f6e199c34ca74b90d9202add247cbbf490
SHA512

6363a8f2a7fedc1549c05016ad771aa46a8db9dea8db042f370eb4f41976dd2a0f8c565b2e529fbe5fd22e77c01a48a645c5755af3f17b5862ef3e3e20bad60e
SSDEEP

1536:zgI0g5rDIhr4g/IAe9oWU7uS2f9SSEMtZLlqROx9pq8ml9We:06g4g4jS2f9SSE0hy8Q9We

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4832	4376	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 4376	3572	rundll32.exe	83
PID 3572 wrote to memory of 4376	3572	rundll32.exe	83
PID 3572 wrote to memory of 4376	3572	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ae456b4b63e1926dab6c045ced3b8f6e199c34ca74b90d9202add247cbbf490.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ae456b4b63e1926dab6c045ced3b8f6e199c34ca74b90d9202add247cbbf490.dll,#1
  2⤵
  PID:4376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 632
    3⤵
    - Program crash
    PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4376 -ip 4376
1⤵
PID:4936

memory/4376-133-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download