483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-12-2022 17:15

Target

483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6.dll
Size

16KB
MD5

cc31d6a6320080e60c9a902bacd33bfa
SHA1

52113f1382e90bc2a06f654c652116dd00e3002d
SHA256

483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6
SHA512

f61ca29a24e469618deb29edb4839bd3a27d145d06370084ee14e509c060384a69d06cf478edc98b7953657af4a1844f3ad0801f047b4955527ae46b1835222e
SSDEEP

24:e1GSgDSEhxCglIB6SXvVmMPhTjvhBrDsqZ:SgDLllVImghTNBsG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1712	1940	WerFault.exe	26

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1940 wrote to memory of 1712	1940	rundll32.exe	27
PID 1940 wrote to memory of 1712	1940	rundll32.exe	27
PID 1940 wrote to memory of 1712	1940	rundll32.exe	27
PID 1940 wrote to memory of 1712	1940	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 228
    3⤵
    - Program crash
    PID:1712

memory/1712-56-0x0000000000000000-mapping.dmp

Download
memory/1940-54-0x0000000000000000-mapping.dmp

Download
memory/1940-55-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download