60555b6cd2a8d40fc3cac94677ca754828400e4d2171f1deea2dd7aad36cfa72

Analysis

max time kernel
67s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:10

Target

60555b6cd2a8d40fc3cac94677ca754828400e4d2171f1deea2dd7aad36cfa72.dll
Size

380KB
MD5

360407b1a91bb260b29a182ebbf74ebd
SHA1

e93038fc60843d7cbef81e68a17aa64612f5e22f
SHA256

60555b6cd2a8d40fc3cac94677ca754828400e4d2171f1deea2dd7aad36cfa72
SHA512

c87cffdffa8674dc095e2e16aa10d79a146c8885d7cfeaf04c712724822e11e2f144e310f26c4fee4c5b9576769a24c2f06f6ea8785e7f8c6e6ca272b9486cd2
SSDEEP

6144:Fs7mHiUNIxGrfrDIQBk2TES1Fh/pAYlJGkLaZvpSn9iGmchd7F9mwdTh4XQ:FssHNkGrfQR2TESDh1JEhpm9iGmchdxf

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1180 268 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1180	268	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 432 wrote to memory of 268	432	rundll32.exe	rundll32.exe
PID 432 wrote to memory of 268	432	rundll32.exe	rundll32.exe
PID 432 wrote to memory of 268	432	rundll32.exe	rundll32.exe
PID 432 wrote to memory of 268	432	rundll32.exe	rundll32.exe
PID 432 wrote to memory of 268	432	rundll32.exe	rundll32.exe
PID 432 wrote to memory of 268	432	rundll32.exe	rundll32.exe
PID 432 wrote to memory of 268	432	rundll32.exe	rundll32.exe
PID 268 wrote to memory of 1180	268	rundll32.exe	WerFault.exe
PID 268 wrote to memory of 1180	268	rundll32.exe	WerFault.exe
PID 268 wrote to memory of 1180	268	rundll32.exe	WerFault.exe
PID 268 wrote to memory of 1180	268	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60555b6cd2a8d40fc3cac94677ca754828400e4d2171f1deea2dd7aad36cfa72.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60555b6cd2a8d40fc3cac94677ca754828400e4d2171f1deea2dd7aad36cfa72.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 228
3⤵
- Program crash
PID:1180

memory/268-54-0x0000000000000000-mapping.dmp

Download
memory/268-55-0x0000000076D71000-0x0000000076D73000-memory.dmp

Filesize
8KB

Download
memory/268-56-0x00000000003B0000-0x0000000000413000-memory.dmp

Filesize
396KB

Download
memory/268-61-0x0000000000220000-0x0000000000282000-memory.dmp

Filesize
392KB

Download
memory/1180-60-0x0000000000000000-mapping.dmp

Download