b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5

Analysis

max time kernel
3s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 19:25

Target

b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5.dll
Size

411KB
MD5

e4a1e1ac96bc1ba61c85f354d9f8655b
SHA1

8db67d0a329a52c78eabaaf5885c9509565783f1
SHA256

b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5
SHA512

5e00c51d001cdadb004bb244ac5053013696360097b93f7468bb51bc4c73971d79df34992269de8983803f2b98935534d85cd96469f8a457e172c055a3cd9b58
SSDEEP

6144:KDmNdIhxjqhycqyN6Y7Gem+7F+3bIDE2L41fua0Jqb7bdO/8:qmN+hx24c/Vyv+4SCury7bdOE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
672	1984	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1984	1352	rundll32.exe	28
PID 1352 wrote to memory of 1984	1352	rundll32.exe	28
PID 1352 wrote to memory of 1984	1352	rundll32.exe	28
PID 1352 wrote to memory of 1984	1352	rundll32.exe	28
PID 1352 wrote to memory of 1984	1352	rundll32.exe	28
PID 1352 wrote to memory of 1984	1352	rundll32.exe	28
PID 1352 wrote to memory of 1984	1352	rundll32.exe	28
PID 1984 wrote to memory of 672	1984	rundll32.exe	29
PID 1984 wrote to memory of 672	1984	rundll32.exe	29
PID 1984 wrote to memory of 672	1984	rundll32.exe	29
PID 1984 wrote to memory of 672	1984	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 228
    3⤵
    - Program crash
    PID:672

memory/1984-55-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download
memory/1984-56-0x0000000000310000-0x0000000000379000-memory.dmp

Filesize
420KB

Download
memory/1984-60-0x0000000010000000-0x0000000010069000-memory.dmp

Filesize
420KB

Download
memory/1984-62-0x00000000001E0000-0x000000000023F000-memory.dmp

Filesize
380KB

Download