ba891eb60674c292acd9eca797a4bc5433da31bcb9a026b1e5ccd12d18d90ed1

Analysis

max time kernel
17s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 00:59

Target

544-72-0x00000000002B0000-0x00000000002B9000-memory.dll
Size

36KB
MD5

6754861c91d95459c46ee1b8feceffba
SHA1

04768ed332da06ce26c2d0974b58ec42162b8387
SHA256

ba891eb60674c292acd9eca797a4bc5433da31bcb9a026b1e5ccd12d18d90ed1
SHA512

75a362b74e6109d18fd4dab0366902ef985f4d5ceac42f8dd990f413b7e541602fc2c9b0d681ed835bc69a8555dcf1d0d9bf4ac9a92022115383a5c2d96c97f2
SSDEEP

192:6P+nM5KC/zxayGc3gzq7YjDaqzJCueT+RfbZne9s6PLwgP0tkYGijYz:s5Jxayczq7Yjt9lfle9s6PLF6kYGi8z

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2036 840 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2036	840	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 840 wrote to memory of 2036	840	rundll32.exe	WerFault.exe
PID 840 wrote to memory of 2036	840	rundll32.exe	WerFault.exe
PID 840 wrote to memory of 2036	840	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\544-72-0x00000000002B0000-0x00000000002B9000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:840

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 840 -s 56
2⤵
- Program crash
PID:2036