784bc607bd7bf047aec2c9d7445037bdb45d673ae9c30b9718b0f195cfb860e6

Analysis

max time kernel
36s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
09-01-2023 20:22

Target

784bc607bd7bf047aec2c9d7445037bdb45d673ae9c30b9718b0f195cfb860e6.dll
Size

60KB
MD5

afdad4be32188bee71d4f891c479d821
SHA1

13f67ba774361761af8bedb0ffee0ab7b08e0dc4
SHA256

784bc607bd7bf047aec2c9d7445037bdb45d673ae9c30b9718b0f195cfb860e6
SHA512

8199ee1749f336a818efcb317cf8d72a8f82149d92db74f22539ec0e1ed3744e213c70b1114fdc49f8224ca06196df86379346982e43a77c6081e1909a8ee65c
SSDEEP

768:hO4apg9TJD/UFPvh45g1WmxValWf5uJMj9TX8Vd76o1x6:hHT+4mjw4IdZx

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2036 840 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2036	840	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 840 wrote to memory of 2036	840	rundll32.exe	WerFault.exe
PID 840 wrote to memory of 2036	840	rundll32.exe	WerFault.exe
PID 840 wrote to memory of 2036	840	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\784bc607bd7bf047aec2c9d7445037bdb45d673ae9c30b9718b0f195cfb860e6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:840

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 840 -s 56
2⤵
- Program crash
PID:2036