fa61df3fb1d242f40ef3e13f1c2e146a49e7d37969e2f6be621c5ccd2bee707e

Analysis

max time kernel
42s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14-11-2022 19:09

Target

1676-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

3c6159840d56350a5d451d6d0c7790da
SHA1

d04d9b3fb69b80f1d2be4153cf33925bfccd7fe7
SHA256

fa61df3fb1d242f40ef3e13f1c2e146a49e7d37969e2f6be621c5ccd2bee707e
SHA512

4ca19935aa188efca3f342d6465a216ed0962fc221258374331dd8925095f81f27f45ecf13bd0b20dca94dd2f85cd8b529794f19c448df887258f64e970f9640
SSDEEP

192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwKRXBAQYfPq/3KbA:h1Mf0gJSix2AA56RCiZVA1GQYnq/6bA

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

280 536 WerFault.exe rundll32.exe

pid	pid_target	process	target process
280	536	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 536 wrote to memory of 280	536	rundll32.exe	WerFault.exe
PID 536 wrote to memory of 280	536	rundll32.exe	WerFault.exe
PID 536 wrote to memory of 280	536	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1676-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 536 -s 56
2⤵
- Program crash
PID:280