af2e5433377b74cb6b0d3cc39aa88a8d5d70276f241c4bc12a56674f8ec7fe9a

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 12:50

Target

af2e5433377b74cb6b0d3cc39aa88a8d5d70276f241c4bc12a56674f8ec7fe9a.dll
Size

320KB
MD5

f64d060eaf2561560d3bc439b62f9517
SHA1

99948e1a93e506d6490b705d356a21b668b8bf0a
SHA256

af2e5433377b74cb6b0d3cc39aa88a8d5d70276f241c4bc12a56674f8ec7fe9a
SHA512

9c4d21784e75cf19b26c44fe0dd7de8d7fefb66f7b5a2f981db7e6b5edce532931589a9bd9a99d739f80ec171a72c9af70db6095dcc69e4c2b0771999a3d1605
SSDEEP

3072:kmCal1sCQTWCiMlmYV8siPcJNx1u0Ts66oP+/wAKaLZVWYJ66H+DHsBsqB4:kmCazsiPcJTNfGYAhzWJjDMGw4

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1560 1344 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1560	1344	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1344 wrote to memory of 1560	1344	rundll32.exe	WerFault.exe
PID 1344 wrote to memory of 1560	1344	rundll32.exe	WerFault.exe
PID 1344 wrote to memory of 1560	1344	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af2e5433377b74cb6b0d3cc39aa88a8d5d70276f241c4bc12a56674f8ec7fe9a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1344 -s 56
2⤵
- Program crash
PID:1560