893f4e15b27aa12b52fc489de66d28e27e8efa7ae9d529f0ea4882188191ac28

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 21:35

Target

893f4e15b27aa12b52fc489de66d28e27e8efa7ae9d529f0ea4882188191ac28.dll
Size

20KB
MD5

be8d90683574187063a25d1d86c20ac0
SHA1

426325b6730c158d136164028437ca1718f1f004
SHA256

893f4e15b27aa12b52fc489de66d28e27e8efa7ae9d529f0ea4882188191ac28
SHA512

948e5e4ad59fadd7bed2c665df5939daa5ed0ffd094afae3912ae4c213e6773b3c4d0bd0f861850d136d02cc0ace86da53d7d755b2ce53a1b3ec26a0ac8b3594
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0Xplc7CAu8UaWHuqaTlX0wG:zfYh2oCtpXPc7x2OqaewG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2032	844	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
844	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 844 wrote to memory of 2032	844	rundll32.exe	28
PID 844 wrote to memory of 2032	844	rundll32.exe	28
PID 844 wrote to memory of 2032	844	rundll32.exe	28
PID 844 wrote to memory of 2032	844	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\893f4e15b27aa12b52fc489de66d28e27e8efa7ae9d529f0ea4882188191ac28.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\893f4e15b27aa12b52fc489de66d28e27e8efa7ae9d529f0ea4882188191ac28.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 244
    3⤵
    - Program crash
    PID:2032

memory/844-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download