ff08a03584fe032fafad393b732faaae8109ea6a9377ca90f396c1a9ac92725d

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 10:41

Target

ff08a03584fe032fafad393b732faaae8109ea6a9377ca90f396c1a9ac92725d.dll
Size

431KB
MD5

706d8766a13ea3a39d7c8a57640d098a
SHA1

3b8397427c098e309789caa19a9e55f41ab6a637
SHA256

ff08a03584fe032fafad393b732faaae8109ea6a9377ca90f396c1a9ac92725d
SHA512

20df54ac912cb4184819a3bc3a9f833ed6d47402236cc31e6846dc150626bf7ad9d18b536a95c71faedda06adb8bbba87c77b7e97a8020f97915c80c6fc2efb9
SSDEEP

12288:FKgaC5GqZFF7a6c0CcGYcxiABMqt6GMWP:FKC5p52LlcGYcx7BMqxJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
964	872	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 108 wrote to memory of 872	108	rundll32.exe	27
PID 872 wrote to memory of 964	872	rundll32.exe	28
PID 872 wrote to memory of 964	872	rundll32.exe	28
PID 872 wrote to memory of 964	872	rundll32.exe	28
PID 872 wrote to memory of 964	872	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff08a03584fe032fafad393b732faaae8109ea6a9377ca90f396c1a9ac92725d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff08a03584fe032fafad393b732faaae8109ea6a9377ca90f396c1a9ac92725d.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 264
    3⤵
    - Program crash
    PID:964

memory/872-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/872-56-0x0000000001CA0000-0x0000000001D0E000-memory.dmp

Filesize
440KB

Download
memory/872-60-0x0000000010000000-0x000000001006E000-memory.dmp

Filesize
440KB

Download
memory/872-61-0x0000000001CA0000-0x0000000001D0E000-memory.dmp

Filesize
440KB

Download
memory/872-62-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/872-64-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download