c068be4a48a2846b73e6aba954cd292846ad074601511e4c0ac3cd234735d7b5

Analysis

max time kernel
10s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 11:37

Target

c068be4a48a2846b73e6aba954cd292846ad074601511e4c0ac3cd234735d7b5.dll
Size

84KB
MD5

bd20d53a293f199daed0b5c66d8f118d
SHA1

17c67202fb5c29e1b43f9d5d15a48073c1a12bed
SHA256

c068be4a48a2846b73e6aba954cd292846ad074601511e4c0ac3cd234735d7b5
SHA512

19d6b5031df40da34a6a95a4d293e0817e2f7c7d94d384706c6701dc647067bab3773c94eab69c6f62999c5522e2c724837657128cb3bfa8dfd2b0b991e3dc87
SSDEEP

1536:Zdku7EthMM0icDUB6Pn0fnIcnToIf+IOFIO/FBb:ZzkcDy6P0fnIwTBfsP/FBb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
616	1728	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1728 wrote to memory of 616	1728	rundll32.exe	28
PID 1728 wrote to memory of 616	1728	rundll32.exe	28
PID 1728 wrote to memory of 616	1728	rundll32.exe	28
PID 1728 wrote to memory of 616	1728	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c068be4a48a2846b73e6aba954cd292846ad074601511e4c0ac3cd234735d7b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c068be4a48a2846b73e6aba954cd292846ad074601511e4c0ac3cd234735d7b5.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 228
    3⤵
    - Program crash
    PID:616

memory/1728-55-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download