a150094266d04c04ecc72750d14941bd09231ca988bd679715734e2d84e9954b

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 19:04

Target

a150094266d04c04ecc72750d14941bd09231ca988bd679715734e2d84e9954b.dll
Size

56KB
MD5

a136a596a5a5c625e0fbbe4fb3f2ae12
SHA1

f14c24c01f96ceed02eb10f00621755d30afb475
SHA256

a150094266d04c04ecc72750d14941bd09231ca988bd679715734e2d84e9954b
SHA512

08815e92779a85c4e83558dfc0c5afe3bbe7c6dd65d6fc004ad4f231be242aa3033c4ebc941525bedb4f3c8bfb032b23460bc4880638aba9582aa0a62435fa64
SSDEEP

768:hSjq0Qn1wNGdYFxs9dNS9hxVP4AYhT85J+PSV0Jgz9hdm9oai8JrkttaS20Qzk:4jq0QnqUEjQAY2V8gz92FOV25k

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1188	1672	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1672 wrote to memory of 1188	1672	rundll32.exe	28
PID 1672 wrote to memory of 1188	1672	rundll32.exe	28
PID 1672 wrote to memory of 1188	1672	rundll32.exe	28
PID 1672 wrote to memory of 1188	1672	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a150094266d04c04ecc72750d14941bd09231ca988bd679715734e2d84e9954b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a150094266d04c04ecc72750d14941bd09231ca988bd679715734e2d84e9954b.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1672
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 228
    3⤵
    - Program crash
    PID:1188

memory/1672-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download