65d304094860532f8e8dbe2b837eec41973edba73d8c2a3a837f6166450e6287

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 06:06

Target

616-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

a574b61931f0ccb914e50e724cb8ad2a
SHA1

45aed5434ad0ceec1c88fcdc07e94bc2402235f8
SHA256

65d304094860532f8e8dbe2b837eec41973edba73d8c2a3a837f6166450e6287
SHA512

6fca8623d62926948718baed91cb397aa23fff51fc2320582935c8ddd1d9817ceef1576aad303da03892a454ea84dea0ea5bb712816abdee22a6d8d1aed91eab
SSDEEP

192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwZXBAQYfPq/3Kb:h1Mf0gJSix2AA56RCiZVPGQYnq/6b

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1280 1336 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1280	1336	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1336 wrote to memory of 1280	1336	rundll32.exe	WerFault.exe
PID 1336 wrote to memory of 1280	1336	rundll32.exe	WerFault.exe
PID 1336 wrote to memory of 1280	1336	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\616-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1336

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1336 -s 56
2⤵
- Program crash
PID:1280