860a37f1bbec02a029fe825b0f84e23666fc515fef7c7bf6657ae2106c5c93d5

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 08:07

Target

860a37f1bbec02a029fe825b0f84e23666fc515fef7c7bf6657ae2106c5c93d5.dll
Size

1011KB
MD5

0027e7f669f1328255ad75671322ebe0
SHA1

5cff83a31295a7d9e3473cf5e1bd5cc26142a5b6
SHA256

860a37f1bbec02a029fe825b0f84e23666fc515fef7c7bf6657ae2106c5c93d5
SHA512

bc68b2509386894af659720594f9adecf72cfac722e08c1ed2ab0c60d638da69e42746916740e6015ce743051fc95cd51eeade3be012bfb00a09d71dd2503fc0
SSDEEP

24576:ZTmgWjD3SUnT/UxNJuxn9ULobfOXNBgwkt+6RRjFMd0j2jBc:ZSgaPT/UPhcS/kt+sRBM0jp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
904	1956	WerFault.exe	28

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1956	1764	rundll32.exe	28
PID 1764 wrote to memory of 1956	1764	rundll32.exe	28
PID 1764 wrote to memory of 1956	1764	rundll32.exe	28
PID 1764 wrote to memory of 1956	1764	rundll32.exe	28
PID 1764 wrote to memory of 1956	1764	rundll32.exe	28
PID 1764 wrote to memory of 1956	1764	rundll32.exe	28
PID 1764 wrote to memory of 1956	1764	rundll32.exe	28
PID 1956 wrote to memory of 904	1956	rundll32.exe	29
PID 1956 wrote to memory of 904	1956	rundll32.exe	29
PID 1956 wrote to memory of 904	1956	rundll32.exe	29
PID 1956 wrote to memory of 904	1956	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\860a37f1bbec02a029fe825b0f84e23666fc515fef7c7bf6657ae2106c5c93d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\860a37f1bbec02a029fe825b0f84e23666fc515fef7c7bf6657ae2106c5c93d5.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 328
    3⤵
    - Program crash
    PID:904

memory/1956-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download