8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 05:33

Target

8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9.dll
Size

588KB
MD5

63e54d328f3c68088a6b40098d9ca1e0
SHA1

12d1c172e69f6881bc6844e36e108127021c34b4
SHA256

8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9
SHA512

604f88687059fd8ada2511f73ce94faabbb038f93d26a0a0f6b4294041977ece86bdcaad2de462124587dc74fbfacb1cfc78867b4d2eb48b0f740a1466ea62f0
SSDEEP

12288:l/WQBiD/u+cgTYegtCT4bx7Mpgd/NzF/Vdu6jcqEXMDyI:l/fB4TT4zYyNzF9duBqgxI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1740	1208	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1208 wrote to memory of 1740	1208	rundll32.exe	29
PID 1208 wrote to memory of 1740	1208	rundll32.exe	29
PID 1208 wrote to memory of 1740	1208	rundll32.exe	29
PID 1208 wrote to memory of 1740	1208	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 252
    3⤵
    - Program crash
    PID:1740

memory/1208-55-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1208-56-0x00000000003F0000-0x0000000000483000-memory.dmp

Filesize
588KB

Download
memory/1208-61-0x00000000002C0000-0x000000000033F000-memory.dmp

Filesize
508KB

Download