536da70d335f089d3761b2a9077cc4160a1b6f1b2f064a65613fd36fdfb2a012

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 13:04

Target

536da70d335f089d3761b2a9077cc4160a1b6f1b2f064a65613fd36fdfb2a012.dll
Size

171KB
MD5

0cc5dc0340d2a7ff5a3dfd65070212f9
SHA1

942030d1055c9d2cd3eb149af184dc3043f8e73e
SHA256

536da70d335f089d3761b2a9077cc4160a1b6f1b2f064a65613fd36fdfb2a012
SHA512

ac9d01772903d39482c0862db06780a47387d0001961bff7759ba2733e236671a57df8d57fb724047d65ce58d5ed0b7be00c0f4ac682c51912341ea6abe86d0c
SSDEEP

1536:eI8oIFIJkuvfZ/Auwu7PVNd4ocmLVWqZ+duYTBBSxyF5S3vhCwh+wPj86bk3CLZ4:eaSyxvfGuzEpYYAL5pzmZba

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1212	816	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 816 wrote to memory of 1212	816	rundll32.exe	28
PID 816 wrote to memory of 1212	816	rundll32.exe	28
PID 816 wrote to memory of 1212	816	rundll32.exe	28
PID 816 wrote to memory of 1212	816	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\536da70d335f089d3761b2a9077cc4160a1b6f1b2f064a65613fd36fdfb2a012.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\536da70d335f089d3761b2a9077cc4160a1b6f1b2f064a65613fd36fdfb2a012.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 252
    3⤵
    - Program crash
    PID:1212

memory/816-54-0x0000000000000000-mapping.dmp

Download
memory/816-55-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download
memory/816-57-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1212-56-0x0000000000000000-mapping.dmp

Download