545a98589ca4e2146f22b845ae670d056b7b87d14247fcd401a1b77a2c14f0a1

Analysis

max time kernel
26s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:18

Target

545a98589ca4e2146f22b845ae670d056b7b87d14247fcd401a1b77a2c14f0a1.dll
Size

9KB
MD5

7ff05c8286ef8af9bd510432d0d7cee1
SHA1

170e33d229ae6be2c1a3fb233f8ee2e6cbf52b43
SHA256

545a98589ca4e2146f22b845ae670d056b7b87d14247fcd401a1b77a2c14f0a1
SHA512

eefd49e223b26a540ab813b673b946710aefb82aaa735bc0068d479b4a93c8055f207574754c4b0f6991955c1bc16d92cf8108e15bae4e19fd6e9cc1d7ca3b25
SSDEEP

192:ehBPIcgjqxL9DPezyiH4XCAVJPwHJTOHWxDhCRWQ:ehBgcgjqxL9jezZCCA+KB

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1044 1992 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1044	1992	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1744 wrote to memory of 1992	1744	rundll32.exe	rundll32.exe
PID 1744 wrote to memory of 1992	1744	rundll32.exe	rundll32.exe
PID 1744 wrote to memory of 1992	1744	rundll32.exe	rundll32.exe
PID 1744 wrote to memory of 1992	1744	rundll32.exe	rundll32.exe
PID 1744 wrote to memory of 1992	1744	rundll32.exe	rundll32.exe
PID 1744 wrote to memory of 1992	1744	rundll32.exe	rundll32.exe
PID 1744 wrote to memory of 1992	1744	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 1044	1992	rundll32.exe	WerFault.exe
PID 1992 wrote to memory of 1044	1992	rundll32.exe	WerFault.exe
PID 1992 wrote to memory of 1044	1992	rundll32.exe	WerFault.exe
PID 1992 wrote to memory of 1044	1992	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\545a98589ca4e2146f22b845ae670d056b7b87d14247fcd401a1b77a2c14f0a1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1744

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\545a98589ca4e2146f22b845ae670d056b7b87d14247fcd401a1b77a2c14f0a1.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 296
3⤵
- Program crash
PID:1044

memory/1044-59-0x0000000000000000-mapping.dmp

Download
memory/1992-54-0x0000000000000000-mapping.dmp

Download
memory/1992-55-0x0000000075F61000-0x0000000075F63000-memory.dmp

Filesize
8KB

Download
memory/1992-57-0x0000000000110000-0x0000000000114000-memory.dmp

Filesize
16KB

Download
memory/1992-58-0x0000000000120000-0x0000000000124000-memory.dmp

Filesize
16KB

Download
memory/1992-56-0x0000000000110000-0x0000000000114000-memory.dmp

Filesize
16KB

Download
memory/1992-62-0x0000000000110000-0x0000000000114000-memory.dmp

Filesize
16KB

Download
memory/1992-61-0x0000000000110000-0x0000000000114000-memory.dmp

Filesize
16KB

Download
memory/1992-60-0x0000000000110000-0x0000000000114000-memory.dmp

Filesize
16KB

Download