ae32e5e777c7f9261de976a00fe43fff610cb473a61fcf8369669de58a354d22

Analysis

max time kernel
43s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 23:18

Target

ae32e5e777c7f9261de976a00fe43fff610cb473a61fcf8369669de58a354d22.dll
Size

318KB
MD5

bbc6da86a5fa92e1314fe03187265f3e
SHA1

03063aaa92309dac583bf4a1002b61c7357ec075
SHA256

ae32e5e777c7f9261de976a00fe43fff610cb473a61fcf8369669de58a354d22
SHA512

385ddf3f97b6446bc40e0057dc604e16b023de3e34b28e1f8681bbcbc56e3da82d033c7633b54bd011339fffc32c53e1fc039e37eefe8376f9d8f7dd1de8377e
SSDEEP

6144:u5cCQ3KrGsslg017+HWL8/DeZ7/ODmLjE/:CJr7sv7+Hl/CZCivE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1336	616	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 616	1188	rundll32.exe	28
PID 1188 wrote to memory of 616	1188	rundll32.exe	28
PID 1188 wrote to memory of 616	1188	rundll32.exe	28
PID 1188 wrote to memory of 616	1188	rundll32.exe	28
PID 1188 wrote to memory of 616	1188	rundll32.exe	28
PID 1188 wrote to memory of 616	1188	rundll32.exe	28
PID 1188 wrote to memory of 616	1188	rundll32.exe	28
PID 616 wrote to memory of 1336	616	rundll32.exe	29
PID 616 wrote to memory of 1336	616	rundll32.exe	29
PID 616 wrote to memory of 1336	616	rundll32.exe	29
PID 616 wrote to memory of 1336	616	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae32e5e777c7f9261de976a00fe43fff610cb473a61fcf8369669de58a354d22.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae32e5e777c7f9261de976a00fe43fff610cb473a61fcf8369669de58a354d22.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:616
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
    3⤵
    - Program crash
    PID:1336

memory/616-55-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download