2be17fe0b81faeed6f8aabb02fabeebab0fcc4977543ca99050f453e094564e5

Analysis

max time kernel
30s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 13:53

Target

2be17fe0b81faeed6f8aabb02fabeebab0fcc4977543ca99050f453e094564e5.dll
Size

52KB
MD5

0d4de35775f299daa456e8f562aaffdd
SHA1

b515ee705b0136f8456d8725202e8dface91293a
SHA256

2be17fe0b81faeed6f8aabb02fabeebab0fcc4977543ca99050f453e094564e5
SHA512

657c79bbef8b4b57480dd49d1daea98eeac6ca732d4e842b174b930f6d95d3c315cc9579bfe7129d1b4dd0a229a1bdd2ff116190179ac8a081a9bc98717f3d7c
SSDEEP

768:lyOYs0Ci3T9qLkIB+0yM1/CWdoYqTjGa4EhRtIQ9hd+HPWVunTEDHA7wjcl:lZzi34LkkV/RdoF7ecUHP7Ei

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1960	1864	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1864	1848	rundll32.exe	28
PID 1848 wrote to memory of 1864	1848	rundll32.exe	28
PID 1848 wrote to memory of 1864	1848	rundll32.exe	28
PID 1848 wrote to memory of 1864	1848	rundll32.exe	28
PID 1848 wrote to memory of 1864	1848	rundll32.exe	28
PID 1848 wrote to memory of 1864	1848	rundll32.exe	28
PID 1848 wrote to memory of 1864	1848	rundll32.exe	28
PID 1864 wrote to memory of 1960	1864	rundll32.exe	29
PID 1864 wrote to memory of 1960	1864	rundll32.exe	29
PID 1864 wrote to memory of 1960	1864	rundll32.exe	29
PID 1864 wrote to memory of 1960	1864	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2be17fe0b81faeed6f8aabb02fabeebab0fcc4977543ca99050f453e094564e5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2be17fe0b81faeed6f8aabb02fabeebab0fcc4977543ca99050f453e094564e5.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1864
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 224
    3⤵
    - Program crash
    PID:1960

memory/1864-55-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download