2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988

Analysis

max time kernel
243s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 06:24

Target

2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988.dll
Size

763KB
MD5

d5a01e812ecec2ec265784eace378d68
SHA1

bc195bf2b2790a2761a97c65fba056891378c3d3
SHA256

2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988
SHA512

2e945e83fefb302f8dfb5896a1433618be8b01072845daaa3804384655854c19c3c49a59c2ba6a25aae239c50da667ba04d933355d8d0ea454a97de3a18ea868
SSDEEP

12288:IdP0lUmNIvvhscM75sH5SBT20ed9N/5iiQQdxGjQ/gXi7kVwoGONANbmmnvKXR3e:IdclUmNIvvhscMtsKT20edr5iiQQdxGg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
772	520	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 520	560	rundll32.exe	28
PID 560 wrote to memory of 520	560	rundll32.exe	28
PID 560 wrote to memory of 520	560	rundll32.exe	28
PID 560 wrote to memory of 520	560	rundll32.exe	28
PID 560 wrote to memory of 520	560	rundll32.exe	28
PID 560 wrote to memory of 520	560	rundll32.exe	28
PID 560 wrote to memory of 520	560	rundll32.exe	28
PID 520 wrote to memory of 772	520	rundll32.exe	29
PID 520 wrote to memory of 772	520	rundll32.exe	29
PID 520 wrote to memory of 772	520	rundll32.exe	29
PID 520 wrote to memory of 772	520	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 520 -s 256
    3⤵
    - Program crash
    PID:772

memory/520-55-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download
memory/520-57-0x0000000074FB0000-0x0000000075074000-memory.dmp

Filesize
784KB

Download
memory/520-59-0x0000000000340000-0x000000000034D000-memory.dmp

Filesize
52KB

Download
memory/520-58-0x0000000000330000-0x000000000033D000-memory.dmp

Filesize
52KB

Download