3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776

Analysis

max time kernel
4s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 19:39

Target

3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776.dll
Size

20KB
MD5

82611ffdfc86cf79e960721fc2751a33
SHA1

ec5769d34f3ed827e01ba5a646d9564a5035671e
SHA256

3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776
SHA512

4d951fabe822619f936132aa400a8d700e7898cb676c985154e7d49f26a2296e7beeceaa2516cf4911cf0b6bf8f41bb0e70a65dfa32ce68256e73065224cad21
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0XplcvCAu8UaWHuqaTlX0wG:zfYh2oCtpXPcvx2OqaewG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1532	948	WerFault.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
948	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 948	1724	rundll32.exe	28
PID 1724 wrote to memory of 948	1724	rundll32.exe	28
PID 1724 wrote to memory of 948	1724	rundll32.exe	28
PID 1724 wrote to memory of 948	1724	rundll32.exe	28
PID 1724 wrote to memory of 948	1724	rundll32.exe	28
PID 1724 wrote to memory of 948	1724	rundll32.exe	28
PID 1724 wrote to memory of 948	1724	rundll32.exe	28
PID 948 wrote to memory of 1532	948	rundll32.exe	29
PID 948 wrote to memory of 1532	948	rundll32.exe	29
PID 948 wrote to memory of 1532	948	rundll32.exe	29
PID 948 wrote to memory of 1532	948	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 244
    3⤵
    - Program crash
    PID:1532

memory/948-55-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download