e002c57c0bf40d4f51f798ee07d6440cd1b68f30696cc29980e51cfced68c595

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-01-2023 09:58

Target

63be8791335f3.EXE.dll
Size

3.6MB
MD5

d0875eec4272c6624c49635ea35ac329
SHA1

c40edae2131fae0ffc85beba82b4bead6f60d1a4
SHA256

e002c57c0bf40d4f51f798ee07d6440cd1b68f30696cc29980e51cfced68c595
SHA512

92a914d5f9a27a820d7e66302ae33b9d19a60edd764633ea303e29f46a034f78e2ed8647df50812a82a252afc9c30960b4ee07232d48656fd52e60b4cad4a70d
SSDEEP

49152:3U392MgDq3hhH17R17ARy3fAb3XMPm7PE67jC65SMhDOgCNvUGF2txwf48IW48Tq:cOTN7PdSMh9C+afh4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1420	1904	WerFault.exe	25

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 1420	1904	rundll32.exe	26
PID 1904 wrote to memory of 1420	1904	rundll32.exe	26
PID 1904 wrote to memory of 1420	1904	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63be8791335f3.EXE.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1904 -s 124
  2⤵
  - Program crash
  PID:1420