8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737

Analysis

max time kernel
39s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 02:07

Target

8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737.dll
Size

704KB
MD5

65ba661fd3498e2a8624dd68d2666220
SHA1

912bcb591a54ac3111c4a373c3b1f786aa530758
SHA256

8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737
SHA512

f2d24b80e3a509411a062c30edd96fa7a23718c7b88bb52815298dba1fab50992ad1a5875cbb2cf4e0819717db1757ccf2ea8325b37669269dd195c12a9644f7
SSDEEP

12288:Z0ywjWtUO+Oke04VGUl6vhOiue+bhPrRx4vSZqB7Y0lnMyC2+ES1eu:GCwsdPJyC29e

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1552	rundll32mgr.exe

Loads dropped DLL 2 IoCs

pid	Process
1576	rundll32.exe
1576	rundll32.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
552	1576	WerFault.exe	27

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 1576	1516	rundll32.exe	27
PID 1516 wrote to memory of 1576	1516	rundll32.exe	27
PID 1516 wrote to memory of 1576	1516	rundll32.exe	27
PID 1516 wrote to memory of 1576	1516	rundll32.exe	27
PID 1516 wrote to memory of 1576	1516	rundll32.exe	27
PID 1516 wrote to memory of 1576	1516	rundll32.exe	27
PID 1516 wrote to memory of 1576	1516	rundll32.exe	27
PID 1576 wrote to memory of 1552	1576	rundll32.exe	28
PID 1576 wrote to memory of 1552	1576	rundll32.exe	28
PID 1576 wrote to memory of 1552	1576	rundll32.exe	28
PID 1576 wrote to memory of 1552	1576	rundll32.exe	28
PID 1576 wrote to memory of 552	1576	rundll32.exe	29
PID 1576 wrote to memory of 552	1576	rundll32.exe	29
PID 1576 wrote to memory of 552	1576	rundll32.exe	29
PID 1576 wrote to memory of 552	1576	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1576
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    PID:1552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
    3⤵
    - Program crash
    PID:552

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
76KB

MD5
2e7df5ae9dcabe137166989493d996a9

SHA1
00a2f1abd5480d5e23bf512a8ee37aa842f69b54

SHA256
4c53f34aa96dc64de964e0f440218ea918b4ac56576323edb4626b17265bd8ef

SHA512
38bbc02e1767a8337ce53c73c637d4d9ec883d9f966dff26fb92ecda6d56646166deb5836a7edfd43725408f2e31f07935dbfaf726e6ea77c64ade18bad42d8f

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
76KB

MD5
2e7df5ae9dcabe137166989493d996a9

SHA1
00a2f1abd5480d5e23bf512a8ee37aa842f69b54

SHA256
4c53f34aa96dc64de964e0f440218ea918b4ac56576323edb4626b17265bd8ef

SHA512
38bbc02e1767a8337ce53c73c637d4d9ec883d9f966dff26fb92ecda6d56646166deb5836a7edfd43725408f2e31f07935dbfaf726e6ea77c64ade18bad42d8f

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
76KB

MD5
2e7df5ae9dcabe137166989493d996a9

SHA1
00a2f1abd5480d5e23bf512a8ee37aa842f69b54

SHA256
4c53f34aa96dc64de964e0f440218ea918b4ac56576323edb4626b17265bd8ef

SHA512
38bbc02e1767a8337ce53c73c637d4d9ec883d9f966dff26fb92ecda6d56646166deb5836a7edfd43725408f2e31f07935dbfaf726e6ea77c64ade18bad42d8f

Download Submit
memory/552-60-0x0000000000000000-mapping.dmp

Download
memory/1552-58-0x0000000000000000-mapping.dmp

Download
memory/1576-54-0x0000000000000000-mapping.dmp

Download
memory/1576-55-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download
memory/1576-61-0x0000000010000000-0x00000000100B1000-memory.dmp

Filesize
708KB

Download