a918d741eb98a4fe88b26c157f793d09cf5351b3357010d973297c2ddf9cc68d

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/11/2022, 23:41

Target

a918d741eb98a4fe88b26c157f793d09cf5351b3357010d973297c2ddf9cc68d.dll
Size

588KB
MD5

b74360b35959eadf64b11171f28dd0a0
SHA1

9a351310f74acd7d96340ed674455f1d84cd403e
SHA256

a918d741eb98a4fe88b26c157f793d09cf5351b3357010d973297c2ddf9cc68d
SHA512

94d945fce3e65f5d77c8d911546f0b1ae4e002e5c7898fc329ba078d2d6ac5ea86a9c533e022a84338a205f735317374f755e472255cb5cca72a053755cac585
SSDEEP

12288:8lqs9lwNapCTfUlFosfLBaamYLjEeYSBVA8Yi4ZiIfOp:jsk3YrTfLBaaTjhY8vwZXf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1292	1128	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1128 wrote to memory of 1292	1128	rundll32.exe	28
PID 1128 wrote to memory of 1292	1128	rundll32.exe	28
PID 1128 wrote to memory of 1292	1128	rundll32.exe	28
PID 1128 wrote to memory of 1292	1128	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a918d741eb98a4fe88b26c157f793d09cf5351b3357010d973297c2ddf9cc68d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a918d741eb98a4fe88b26c157f793d09cf5351b3357010d973297c2ddf9cc68d.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1128
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 252
    3⤵
    - Program crash
    PID:1292

memory/1128-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download
memory/1128-56-0x0000000000930000-0x00000000009C3000-memory.dmp

Filesize
588KB

Download
memory/1128-61-0x0000000000240000-0x00000000002BB000-memory.dmp

Filesize
492KB

Download