77aab0c0bc4bb4da132f40efea403e1afb5535b9668bd8c7e39fe767ed5669d7

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 07:31

Target

77aab0c0bc4bb4da132f40efea403e1afb5535b9668bd8c7e39fe767ed5669d7.dll
Size

457KB
MD5

db9e6315b12a712a7bf1fd5654d3b5c0
SHA1

09eea6629ec990dac78a17eed9940a52bfe8dfdd
SHA256

77aab0c0bc4bb4da132f40efea403e1afb5535b9668bd8c7e39fe767ed5669d7
SHA512

bd26a1d29a2698b863bd549b5a13cff0c7891332632b3747c4e66c725dccc9ae0b3f8847d69b4776e14f83b87b7c5225d4c72ed456348dc808cc0b97e7a1faa4
SSDEEP

12288:+1WD7iuq9WarATQBjI5CWfZfsDa4QItOhKl7:TD7iuqSTQBjIthfqXl

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1288	1080	WerFault.exe	26

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 1080 wrote to memory of 1288	1080	rundll32.exe	27
PID 1080 wrote to memory of 1288	1080	rundll32.exe	27
PID 1080 wrote to memory of 1288	1080	rundll32.exe	27
PID 1080 wrote to memory of 1288	1080	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77aab0c0bc4bb4da132f40efea403e1afb5535b9668bd8c7e39fe767ed5669d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77aab0c0bc4bb4da132f40efea403e1afb5535b9668bd8c7e39fe767ed5669d7.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
    3⤵
    - Program crash
    PID:1288

memory/1080-55-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download
memory/1080-56-0x0000000000350000-0x00000000003C5000-memory.dmp

Filesize
468KB

Download
memory/1080-60-0x0000000000350000-0x00000000003C5000-memory.dmp

Filesize
468KB

Download
memory/1080-61-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1080-63-0x0000000000200000-0x0000000000261000-memory.dmp

Filesize
388KB

Download