80a47547fb424f1e69d96efee1d02c9cc48aaf669846bdf5efd03a258eaea429

Analysis

max time kernel
57s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 02:27

Target

80a47547fb424f1e69d96efee1d02c9cc48aaf669846bdf5efd03a258eaea429.dll
Size

344KB
MD5

8917a960e07956dbf77493c3a79f68f0
SHA1

b999373623315e2e84f79c66dbc8302d7d91fce2
SHA256

80a47547fb424f1e69d96efee1d02c9cc48aaf669846bdf5efd03a258eaea429
SHA512

a0bd17aa96969b39b61db246a0faa3a79c7a82ba6c3f1df338d94522b78c291f66f9a8b64a09fa41860579e457d6f12cebb5539ac6f246e819061370c08c884a
SSDEEP

6144:2xuVS8PJwP9XiKMeT0k6RZeWHSSQzgtGWhZzsMOqcm3fa:F08KP9XztT0kKeBzgtGYs7TmP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1984	1256	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 1256	1392	rundll32.exe	28
PID 1392 wrote to memory of 1256	1392	rundll32.exe	28
PID 1392 wrote to memory of 1256	1392	rundll32.exe	28
PID 1392 wrote to memory of 1256	1392	rundll32.exe	28
PID 1392 wrote to memory of 1256	1392	rundll32.exe	28
PID 1392 wrote to memory of 1256	1392	rundll32.exe	28
PID 1392 wrote to memory of 1256	1392	rundll32.exe	28
PID 1256 wrote to memory of 1984	1256	rundll32.exe	29
PID 1256 wrote to memory of 1984	1256	rundll32.exe	29
PID 1256 wrote to memory of 1984	1256	rundll32.exe	29
PID 1256 wrote to memory of 1984	1256	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80a47547fb424f1e69d96efee1d02c9cc48aaf669846bdf5efd03a258eaea429.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\80a47547fb424f1e69d96efee1d02c9cc48aaf669846bdf5efd03a258eaea429.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1256
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
    3⤵
    - Program crash
    PID:1984

memory/1256-54-0x0000000000000000-mapping.dmp

Download
memory/1256-55-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download
memory/1256-56-0x0000000000360000-0x00000000003B6000-memory.dmp

Filesize
344KB

Download
memory/1256-60-0x0000000000230000-0x000000000026A000-memory.dmp

Filesize
232KB

Download
memory/1984-61-0x0000000000000000-mapping.dmp

Download