3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429

Analysis

max time kernel
4s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 03:11

Target

3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429.dll
Size

596KB
MD5

910b14b3318fd7c06bd460a1b6bb92fd
SHA1

d34060d3ba6b1086fa4d5fae21ed58c34a51b1fe
SHA256

3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429
SHA512

6b32fa55c9cd846fcc6272d17569e87b7205e4ab00868bf21741d486d092a3e94c850faae4dc40dd18cf0f88169e123c8eb27d3bed839bd9807af9138a0222e6
SSDEEP

12288:tCR8QLQPMM53p/PIJWDCTy8oFXWuXzJ9uZIs:t8LLSMM5dQWGm8juXz6I

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2012 864 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2012	864	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1108 wrote to memory of 864	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 864	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 864	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 864	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 864	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 864	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 864	1108	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 2012	864	rundll32.exe	WerFault.exe
PID 864 wrote to memory of 2012	864	rundll32.exe	WerFault.exe
PID 864 wrote to memory of 2012	864	rundll32.exe	WerFault.exe
PID 864 wrote to memory of 2012	864	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 256
3⤵
- Program crash
PID:2012

memory/864-54-0x0000000000000000-mapping.dmp

Download
memory/864-55-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download
memory/864-56-0x00000000003C0000-0x0000000000459000-memory.dmp

Filesize
612KB

Download
memory/864-60-0x0000000010000000-0x0000000010099000-memory.dmp

Filesize
612KB

Download
memory/864-62-0x0000000000280000-0x00000000002FB000-memory.dmp

Filesize
492KB

Download
memory/2012-61-0x0000000000000000-mapping.dmp

Download