ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 03:02

Target

ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e.dll
Size

269KB
MD5

c0bfc2c1897a9d23e86548fbb44987e9
SHA1

e826af97517d0509de2903ddaf87d1f4bf5f1a89
SHA256

ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e
SHA512

571c46d9b6f09458818c8ffb23485b05d58f5a09f8873d82876ab8174f1575ed0c7c3e149a57c9599ce3d7afbcb9a1194de2b2b867b9478a8a1c5c0a3775e319
SSDEEP

6144:OMrykYAuCX1IJ3Go0HmhAhh9XQT3V/yZYgYte36cjOHb:TzYAukoOwy1FTDqH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1684	1892	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 1892 wrote to memory of 1684	1892	rundll32.exe	28
PID 1892 wrote to memory of 1684	1892	rundll32.exe	28
PID 1892 wrote to memory of 1684	1892	rundll32.exe	28
PID 1892 wrote to memory of 1684	1892	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1892
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 256
    3⤵
    - Program crash
    PID:1684

memory/1892-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1892-56-0x00000000005B0000-0x00000000005F7000-memory.dmp

Filesize
284KB

Download
memory/1892-61-0x0000000000560000-0x00000000005A4000-memory.dmp

Filesize
272KB

Download