445559cdfc50c2a0372012fa102a525268c3a6d319960d7401470499e3e3473a

Analysis

max time kernel
4s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 16:43

Target

445559cdfc50c2a0372012fa102a525268c3a6d319960d7401470499e3e3473a.dll
Size

420KB
MD5

0f2dfdf0abc3781944da6a3b999ed510
SHA1

0e1e0a92a9a723c52b313982f9709f65b0f7ac18
SHA256

445559cdfc50c2a0372012fa102a525268c3a6d319960d7401470499e3e3473a
SHA512

c25c15504256f70fbc3e9513e8a959a45a6e34af5e8c85da0f5ef49fbb879296de7fe44f3af551a139079be9b8273699a56a72603eb42f26aa6ebf83fa2b8f2a
SSDEEP

6144:/3zt5IqlU3SizX+Ui3NMSyWgFYQOel6+RtxJrtAbPoOaE+BbGCUBB3gvhiWaOuBB:PR5IH5zX+PSqgFVM+RtMngvhiWaOuBu

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1712 1456 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1712	1456	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 848 wrote to memory of 1456	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1456	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1456	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1456	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1456	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1456	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1456	848	rundll32.exe	rundll32.exe
PID 1456 wrote to memory of 1712	1456	rundll32.exe	WerFault.exe
PID 1456 wrote to memory of 1712	1456	rundll32.exe	WerFault.exe
PID 1456 wrote to memory of 1712	1456	rundll32.exe	WerFault.exe
PID 1456 wrote to memory of 1712	1456	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\445559cdfc50c2a0372012fa102a525268c3a6d319960d7401470499e3e3473a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\445559cdfc50c2a0372012fa102a525268c3a6d319960d7401470499e3e3473a.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 228
3⤵
- Program crash
PID:1712

memory/1456-54-0x0000000000000000-mapping.dmp

Download
memory/1456-55-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download
memory/1712-56-0x0000000000000000-mapping.dmp

Download