84288d0a286cbec9c6919d4dde243a5cd328c914ec3f4d9e6e305f336e92c1f6

Analysis

max time kernel
56s
max time network
29s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
10-12-2022 03:49

Target

1468-92-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

0f5e279cf6d84c8e5983e6f66fd72076
SHA1

8dd528f477f4fea2f9dee430de5c141c0f7e5587
SHA256

84288d0a286cbec9c6919d4dde243a5cd328c914ec3f4d9e6e305f336e92c1f6
SHA512

3dbda418514664dd7cd432cb219fee52e1ebf30e2ecdc2f47a02699f42d62e3230f616851bc864054daa882193d645c1bf2d9469dc214177e42026e32093e17e
SSDEEP

192:6P+nM5KC/zxayGc3gzq7YjDaqzJCueT+RfbZne9s6PL7yLP0tkYGijY:s5Jxayczq7Yjt9lfle9s6PLg6kYGi8

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

560 1676 WerFault.exe rundll32.exe

pid	pid_target	process	target process
560	1676	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1676 wrote to memory of 560	1676	rundll32.exe	WerFault.exe
PID 1676 wrote to memory of 560	1676	rundll32.exe	WerFault.exe
PID 1676 wrote to memory of 560	1676	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1468-92-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1676 -s 56
2⤵
- Program crash
PID:560