6caf2a9b8fe3e2338766151f9ab9ce755c75529f19859b7a0baf9b2759fd2bd7

Analysis

max time kernel
5s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 14:35

Target

6caf2a9b8fe3e2338766151f9ab9ce755c75529f19859b7a0baf9b2759fd2bd7.dll
Size

534KB
MD5

6722e22aebf7eb243724ef905f354b14
SHA1

ade3f54b5e6de5e4f5b3dd7d29e7c6e0d61b409a
SHA256

6caf2a9b8fe3e2338766151f9ab9ce755c75529f19859b7a0baf9b2759fd2bd7
SHA512

c1cbdecd4d23ac600099720a4f38a3c8dfaca1589fbed947e864542ce5cc9da0be6b29d6a850ef68a2f5f29cd10507797173cd66e960caacf2cb68482dc2d9e7
SSDEEP

6144:Q7nxN/+06lJQDVHHDlJQAYX938JiWdXm:+xN/EXwVHHZJcN2y

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1544	1360	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1360	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 1360	872	rundll32.exe	27
PID 872 wrote to memory of 1360	872	rundll32.exe	27
PID 872 wrote to memory of 1360	872	rundll32.exe	27
PID 872 wrote to memory of 1360	872	rundll32.exe	27
PID 872 wrote to memory of 1360	872	rundll32.exe	27
PID 872 wrote to memory of 1360	872	rundll32.exe	27
PID 872 wrote to memory of 1360	872	rundll32.exe	27
PID 1360 wrote to memory of 1544	1360	rundll32.exe	28
PID 1360 wrote to memory of 1544	1360	rundll32.exe	28
PID 1360 wrote to memory of 1544	1360	rundll32.exe	28
PID 1360 wrote to memory of 1544	1360	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6caf2a9b8fe3e2338766151f9ab9ce755c75529f19859b7a0baf9b2759fd2bd7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6caf2a9b8fe3e2338766151f9ab9ce755c75529f19859b7a0baf9b2759fd2bd7.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1360
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 312
    3⤵
    - Program crash
    PID:1544

memory/1360-55-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download
memory/1360-57-0x0000000010000000-0x000000001008F000-memory.dmp

Filesize
572KB

Download