4e5afae27146a4c700bb0692bd748cd8ee2766de6c3d9a1b8369d8b92735402d

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 14:40

Target

4e5afae27146a4c700bb0692bd748cd8ee2766de6c3d9a1b8369d8b92735402d.dll
Size

152KB
MD5

98c5ff85f03e565066d32e8d9ea2d007
SHA1

9d16126eaa44df971f845d42d679d8d255a34cdb
SHA256

4e5afae27146a4c700bb0692bd748cd8ee2766de6c3d9a1b8369d8b92735402d
SHA512

0872b21c3e56bb706a4df5b93f313438936ffc3273d844d4b8ea757989061677677fa7c82a5dbd09342e83914a2538d2ecd02cd3864bad38a64125ac69cf4826
SSDEEP

3072:bbos2iwH21v68OPQoxVQC6ZsQTZkBNqNugoXJI:bssj/J6eoH5tcF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
780	1400	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1400 wrote to memory of 780	1400	rundll32.exe	28
PID 1400 wrote to memory of 780	1400	rundll32.exe	28
PID 1400 wrote to memory of 780	1400	rundll32.exe	28
PID 1400 wrote to memory of 780	1400	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e5afae27146a4c700bb0692bd748cd8ee2766de6c3d9a1b8369d8b92735402d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e5afae27146a4c700bb0692bd748cd8ee2766de6c3d9a1b8369d8b92735402d.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 256
    3⤵
    - Program crash
    PID:780

memory/1400-55-0x0000000076701000-0x0000000076703000-memory.dmp

Filesize
8KB

Download
memory/1400-56-0x00000000001C0000-0x00000000001D3000-memory.dmp

Filesize
76KB

Download
memory/1400-57-0x00000000006E0000-0x000000000070A000-memory.dmp

Filesize
168KB

Download
memory/1400-61-0x00000000001C0000-0x00000000001D3000-memory.dmp

Filesize
76KB

Download