d02e00a71619e93123f27b2386af2f58ed7e8b85b059aaa50f3cd4934c58ea23

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
08/02/2023, 10:46

Target

1772-147-0x00000000011F0000-0x00000000011FD000-memory.dll
Size

52KB
MD5

34a83cc9cd477dc0e67a72f9b6f3f7f6
SHA1

395dfec4a565e77b13ba86bb9c9cbab71b1b922e
SHA256

d02e00a71619e93123f27b2386af2f58ed7e8b85b059aaa50f3cd4934c58ea23
SHA512

ffeef09e7d8184f79b5cd397699f59fbe47b9e44e7d2bf1e3b1b1a11befb0099edbd61e6cb5360972a3f6a4851d827f657edb23372655947d7e1f18a0e779f2f
SSDEEP

768:5YCZ1LDKw4WqGC+jxSi2Gd3FPsZe5ILAd3IymvsP4GJFrVzhASpZe:eCZ1Kw4WqGCQ3d3FPAeaL633asP9rPe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1728	1520	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 792 wrote to memory of 1520	792	rundll32.exe	28
PID 792 wrote to memory of 1520	792	rundll32.exe	28
PID 792 wrote to memory of 1520	792	rundll32.exe	28
PID 792 wrote to memory of 1520	792	rundll32.exe	28
PID 792 wrote to memory of 1520	792	rundll32.exe	28
PID 792 wrote to memory of 1520	792	rundll32.exe	28
PID 792 wrote to memory of 1520	792	rundll32.exe	28
PID 1520 wrote to memory of 1728	1520	rundll32.exe	29
PID 1520 wrote to memory of 1728	1520	rundll32.exe	29
PID 1520 wrote to memory of 1728	1520	rundll32.exe	29
PID 1520 wrote to memory of 1728	1520	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1772-147-0x00000000011F0000-0x00000000011FD000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1772-147-0x00000000011F0000-0x00000000011FD000-memory.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 196
    3⤵
    - Program crash
    PID:1728

memory/1520-55-0x00000000763D1000-0x00000000763D3000-memory.dmp

Filesize
8KB

Download