3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429

Analysis

max time kernel
4s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 03:11

Target

3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429.dll
Size

596KB
MD5

910b14b3318fd7c06bd460a1b6bb92fd
SHA1

d34060d3ba6b1086fa4d5fae21ed58c34a51b1fe
SHA256

3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429
SHA512

6b32fa55c9cd846fcc6272d17569e87b7205e4ab00868bf21741d486d092a3e94c850faae4dc40dd18cf0f88169e123c8eb27d3bed839bd9807af9138a0222e6
SSDEEP

12288:tCR8QLQPMM53p/PIJWDCTy8oFXWuXzJ9uZIs:t8LLSMM5dQWGm8juXz6I

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2012	864	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 864 wrote to memory of 2012	864	rundll32.exe	29
PID 864 wrote to memory of 2012	864	rundll32.exe	29
PID 864 wrote to memory of 2012	864	rundll32.exe	29
PID 864 wrote to memory of 2012	864	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d7eddc725619ee2b62a8a0abcdec89733e02402017e27b35c51a09d19fd8429.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:864
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 256
    3⤵
    - Program crash
    PID:2012

memory/864-55-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download
memory/864-56-0x00000000003C0000-0x0000000000459000-memory.dmp

Filesize
612KB

Download
memory/864-60-0x0000000010000000-0x0000000010099000-memory.dmp

Filesize
612KB

Download
memory/864-62-0x0000000000280000-0x00000000002FB000-memory.dmp

Filesize
492KB

Download