e398755617e8a74e0bf91757d691c8aea826a585cd6eea0da2d6e3a3d9859fb6

Analysis

max time kernel
22s
max time network
59s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 12:10

Target

e398755617e8a74e0bf91757d691c8aea826a585cd6eea0da2d6e3a3d9859fb6.dll
Size

629KB
MD5

5c4708c5663f48023add1c88db83ebe6
SHA1

53f07e0f5374198019cf45142da6ff2768103a50
SHA256

e398755617e8a74e0bf91757d691c8aea826a585cd6eea0da2d6e3a3d9859fb6
SHA512

02cc6c31bfee2335249d1280461fe94bc81c8f4ffda8a304ecff9fab2c05d025fcde6819f938d2f8233886a3c6a2f119b88715996bfc8aac227034a0b9246088
SSDEEP

12288:rBMhr7P8bCv12vfTYdkaUP9yay8pyWbjtgMSpr3JymqmJiAPA5:ih/P8bCenSkygtXS7fER

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
676	2040	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2040	1252	rundll32.exe	28
PID 1252 wrote to memory of 2040	1252	rundll32.exe	28
PID 1252 wrote to memory of 2040	1252	rundll32.exe	28
PID 1252 wrote to memory of 2040	1252	rundll32.exe	28
PID 1252 wrote to memory of 2040	1252	rundll32.exe	28
PID 1252 wrote to memory of 2040	1252	rundll32.exe	28
PID 1252 wrote to memory of 2040	1252	rundll32.exe	28
PID 2040 wrote to memory of 676	2040	rundll32.exe	29
PID 2040 wrote to memory of 676	2040	rundll32.exe	29
PID 2040 wrote to memory of 676	2040	rundll32.exe	29
PID 2040 wrote to memory of 676	2040	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e398755617e8a74e0bf91757d691c8aea826a585cd6eea0da2d6e3a3d9859fb6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e398755617e8a74e0bf91757d691c8aea826a585cd6eea0da2d6e3a3d9859fb6.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 324
    3⤵
    - Program crash
    PID:676

memory/676-59-0x0000000000000000-mapping.dmp

Download
memory/2040-54-0x0000000000000000-mapping.dmp

Download
memory/2040-55-0x0000000076381000-0x0000000076383000-memory.dmp

Filesize
8KB

Download
memory/2040-56-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/2040-57-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download
memory/2040-58-0x0000000000190000-0x000000000019D000-memory.dmp

Filesize
52KB

Download
memory/2040-60-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/2040-61-0x0000000000190000-0x000000000019D000-memory.dmp

Filesize
52KB

Download