0044d0aaf66f8d9906c67f67299477cac6f1bce839ac13e1821d076f19386c9b

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16-02-2023 21:31

Target

test/e93e14b1a7419bdc3158b88c4a91363891c2419f3581ba7f888e22ad6725b5c7.dll
Size

434KB
MD5

45312e98b2626527c3aa4fb317a2cb64
SHA1

a244c27337189efde4e72ae7dd3ad6b0134a3fc3
SHA256

e93e14b1a7419bdc3158b88c4a91363891c2419f3581ba7f888e22ad6725b5c7
SHA512

4f898a7dbb1eca6cc994707e7171a6ebd9674526c8e6ab8282b288ee63176bb64581da74e4363054773edcdac83c922a72effc4b857fec919c4397b0881bd144
SSDEEP

12288:rJZ701RXT1BaB4Irm8VGf9hyI8K9HGgXA:VZ701RXT1wB4Irz0f9hNj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1560 1968 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1560	1968	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2020 wrote to memory of 1968	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1968	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1968	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1968	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1968	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1968	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1968	2020	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 1560	1968	rundll32.exe	WerFault.exe
PID 1968 wrote to memory of 1560	1968	rundll32.exe	WerFault.exe
PID 1968 wrote to memory of 1560	1968	rundll32.exe	WerFault.exe
PID 1968 wrote to memory of 1560	1968	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\test\e93e14b1a7419bdc3158b88c4a91363891c2419f3581ba7f888e22ad6725b5c7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\test\e93e14b1a7419bdc3158b88c4a91363891c2419f3581ba7f888e22ad6725b5c7.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 224
3⤵
- Program crash
PID:1560

memory/1560-56-0x0000000000000000-mapping.dmp

Download
memory/1968-54-0x0000000000000000-mapping.dmp

Download
memory/1968-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download