83893c0e4d2d82dcb0c11e8667b75bfbf5c7e699a2c1b972d2fa0f1208ffd1f0

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 22:05

Target

83893c0e4d2d82dcb0c11e8667b75bfbf5c7e699a2c1b972d2fa0f1208ffd1f0.dll
Size

160KB
MD5

437696938ae26b931fc52c90ed1ef9da
SHA1

b66c22b952785907855d6e5a3c604603fea311ba
SHA256

83893c0e4d2d82dcb0c11e8667b75bfbf5c7e699a2c1b972d2fa0f1208ffd1f0
SHA512

6fad4888f57538d9cdcb93c6f98d23debe53e3e94325870f74d2d1292c044d0febcfba05d7c37ab82e774489dda5ff893dea86fdb95e0d99fe1410461f8b08e4
SSDEEP

3072:hEb8I3/mT1FvpcGzOkzq0ulwCTRHU+t1gYkMk3uM7V0XYAF5M4dgInksYCgLqOw:hEhvmHBcGqWaTR0+tuYvk4Eyrk35LqOw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
648	1036	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1036 wrote to memory of 648	1036	rundll32.exe	28
PID 1036 wrote to memory of 648	1036	rundll32.exe	28
PID 1036 wrote to memory of 648	1036	rundll32.exe	28
PID 1036 wrote to memory of 648	1036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83893c0e4d2d82dcb0c11e8667b75bfbf5c7e699a2c1b972d2fa0f1208ffd1f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\83893c0e4d2d82dcb0c11e8667b75bfbf5c7e699a2c1b972d2fa0f1208ffd1f0.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 228
    3⤵
    - Program crash
    PID:648

memory/1036-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download
memory/1036-56-0x0000000000160000-0x0000000000174000-memory.dmp

Filesize
80KB

Download
memory/1036-57-0x0000000000190000-0x00000000001BA000-memory.dmp

Filesize
168KB

Download
memory/1036-62-0x0000000000160000-0x0000000000174000-memory.dmp

Filesize
80KB

Download