9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 01:47

Target

9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea.dll
Size

63KB
MD5

4a0c9bc835dfea6c48a68c4d84e28b09
SHA1

7eb55bf18c8d3265e64619409056ac8807a5b410
SHA256

9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea
SHA512

66d885a20410725828293f747ca361dd3c34cd1894f6e18f4fb9eb50527fa2af2e8f831d21f048ab4257c4d69e9daa0b6cb47f79322cff56e084250b91b4bbe8
SSDEEP

768:SSA2MMirU0Fi1B5NrH6TJF4SJ1g8Xdq6RwBVlJ0GIEHFn:SSVVoinb76TJ3JmUQLlO+ln

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1880	1500	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 1500	736	rundll32.exe	27
PID 736 wrote to memory of 1500	736	rundll32.exe	27
PID 736 wrote to memory of 1500	736	rundll32.exe	27
PID 736 wrote to memory of 1500	736	rundll32.exe	27
PID 736 wrote to memory of 1500	736	rundll32.exe	27
PID 736 wrote to memory of 1500	736	rundll32.exe	27
PID 736 wrote to memory of 1500	736	rundll32.exe	27
PID 1500 wrote to memory of 1880	1500	rundll32.exe	28
PID 1500 wrote to memory of 1880	1500	rundll32.exe	28
PID 1500 wrote to memory of 1880	1500	rundll32.exe	28
PID 1500 wrote to memory of 1880	1500	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
    3⤵
    - Program crash
    PID:1880

memory/1500-55-0x0000000076201000-0x0000000076203000-memory.dmp

Filesize
8KB

Download