57f16278c6cf25ff3e2d027f8e069a2065565aa64c08abd593b2989bcfe4611b

Analysis

max time kernel
34s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 08:58

Target

57f16278c6cf25ff3e2d027f8e069a2065565aa64c08abd593b2989bcfe4611b.dll
Size

420KB
MD5

9e86da597e57b6609df8b23b4c8944ac
SHA1

491b119425020705f0d7b61c8114d88ead52458f
SHA256

57f16278c6cf25ff3e2d027f8e069a2065565aa64c08abd593b2989bcfe4611b
SHA512

0874eaf73c11a5e42f8fd4e41b6286a35a2ccd4d58eebb78eeccc748f048b8bb5a3dc4442d3867d661e6c0bee0c536c509f6ed3cfc91495219600cd8e887eeab
SSDEEP

6144:2OC8WhOZzgPAWX1OLBbiHSGdBH9fkQ0Gd9MxEYRbqDftsgAgykbWZOhxt/:2OC8eOZzgP/FOFXUBCnlBq1slgq0t/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1900	836	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 836	368	rundll32.exe	27
PID 368 wrote to memory of 836	368	rundll32.exe	27
PID 368 wrote to memory of 836	368	rundll32.exe	27
PID 368 wrote to memory of 836	368	rundll32.exe	27
PID 368 wrote to memory of 836	368	rundll32.exe	27
PID 368 wrote to memory of 836	368	rundll32.exe	27
PID 368 wrote to memory of 836	368	rundll32.exe	27
PID 836 wrote to memory of 1900	836	rundll32.exe	28
PID 836 wrote to memory of 1900	836	rundll32.exe	28
PID 836 wrote to memory of 1900	836	rundll32.exe	28
PID 836 wrote to memory of 1900	836	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57f16278c6cf25ff3e2d027f8e069a2065565aa64c08abd593b2989bcfe4611b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57f16278c6cf25ff3e2d027f8e069a2065565aa64c08abd593b2989bcfe4611b.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 264
    3⤵
    - Program crash
    PID:1900

memory/836-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download
memory/836-56-0x00000000007D0000-0x000000000083C000-memory.dmp

Filesize
432KB

Download
memory/836-61-0x0000000000760000-0x00000000007BF000-memory.dmp

Filesize
380KB

Download