ce823c7aa86262869f3c3cd6e79f4d35fd4d445fc49f52ba34c253cd49471651

Analysis

max time kernel
1s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 07:13

Target

ce823c7aa86262869f3c3cd6e79f4d35fd4d445fc49f52ba34c253cd49471651.dll
Size

474KB
MD5

781c229d87aa1173592d00d61f79a594
SHA1

e856d48f502d7c46259a93f8c8393342e4880433
SHA256

ce823c7aa86262869f3c3cd6e79f4d35fd4d445fc49f52ba34c253cd49471651
SHA512

aa11ce0b1a2d363d246993ef1d046730e192a2979623b92e6a6145aae2b1b62a1a88ef085fed7a4b2745bfe99f41fcdfed95094284d3baa66535e5f6aca008da
SSDEEP

12288:D6WF6w1pPiSExsyLNhrenCQrSZ31xrT58Oup:muN1UTxsyLNsz231xrT+Ou

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
892	688	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 688	952	rundll32.exe	28
PID 952 wrote to memory of 688	952	rundll32.exe	28
PID 952 wrote to memory of 688	952	rundll32.exe	28
PID 952 wrote to memory of 688	952	rundll32.exe	28
PID 952 wrote to memory of 688	952	rundll32.exe	28
PID 952 wrote to memory of 688	952	rundll32.exe	28
PID 952 wrote to memory of 688	952	rundll32.exe	28
PID 688 wrote to memory of 892	688	rundll32.exe	29
PID 688 wrote to memory of 892	688	rundll32.exe	29
PID 688 wrote to memory of 892	688	rundll32.exe	29
PID 688 wrote to memory of 892	688	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce823c7aa86262869f3c3cd6e79f4d35fd4d445fc49f52ba34c253cd49471651.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce823c7aa86262869f3c3cd6e79f4d35fd4d445fc49f52ba34c253cd49471651.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:688
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 300
    3⤵
    - Program crash
    PID:892

memory/688-54-0x0000000000000000-mapping.dmp

Download
memory/688-55-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download
memory/688-56-0x0000000000270000-0x00000000002EE000-memory.dmp

Filesize
504KB

Download
memory/892-57-0x0000000000000000-mapping.dmp

Download