d46e2e4b7cae432b6e92cff92fe95840b17d481c95ad70d963bf9bc68836ec96

Analysis

max time kernel
46s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 08:35

Target

34aca02d3a4665f63fddb354551b5eff5a7e8877032ddda6db4f5c42452885ad.dll
Size

48KB
MD5

9a915313d02345e149e6ba566fe85c47
SHA1

9cd7f14d85814c48be3fbf73891415978a7aa882
SHA256

34aca02d3a4665f63fddb354551b5eff5a7e8877032ddda6db4f5c42452885ad
SHA512

0410f3888a1134287d269447825dbf5b2e1f3087d60dbd80d3ca4e0edc11eaa25f1620985d281a27274202c31489ab9dc04b21f7b46f130e211d8369ab4a47ce
SSDEEP

384:a+pq5cI2c1nuQd/7ahphmL+Y6XM+c2iqiij/30qzpvUoSbBhDorrmUBsSltcO57Q:Tm2c9Hdwp2+Y6XMpbpi3lUrByvmptUW

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1364 1996 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1364	1996	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1996 wrote to memory of 1364	1996	rundll32.exe	WerFault.exe
PID 1996 wrote to memory of 1364	1996	rundll32.exe	WerFault.exe
PID 1996 wrote to memory of 1364	1996	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34aca02d3a4665f63fddb354551b5eff5a7e8877032ddda6db4f5c42452885ad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1996 -s 148
2⤵
- Program crash
PID:1364