7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a

Analysis

max time kernel
150s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-02-2023 20:58

Target

7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll
Size

1.3MB
MD5

b3b6e4008889f72166d30c458533366b
SHA1

2b530848cf99d95e478ce1271396e67d62fe2aeb
SHA256

7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a
SHA512

9892c30181a310f54b05d380217eafabec303cb4160dd761439d79d916c1f068d31cf1be864de96aa18f99b43421b588cd5b99eae4c08defe0ae71e6f3394615
SSDEEP

24576:oe4P7eOOgqsWHExNblWuWOJ/jcZsdii0j4wXFOxRD687c:oefLgqsWHaAuWE/jczi0j4qcL

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2020 1920 WerFault.exe rundll32.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

1920 rundll32.exe

pid	pid_target	process	target process
2020	1920	WerFault.exe	rundll32.exe

pid	process
1920	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 324 wrote to memory of 1920	324	rundll32.exe	rundll32.exe
PID 324 wrote to memory of 1920	324	rundll32.exe	rundll32.exe
PID 324 wrote to memory of 1920	324	rundll32.exe	rundll32.exe
PID 324 wrote to memory of 1920	324	rundll32.exe	rundll32.exe
PID 324 wrote to memory of 1920	324	rundll32.exe	rundll32.exe
PID 324 wrote to memory of 1920	324	rundll32.exe	rundll32.exe
PID 324 wrote to memory of 1920	324	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 2020	1920	rundll32.exe	WerFault.exe
PID 1920 wrote to memory of 2020	1920	rundll32.exe	WerFault.exe
PID 1920 wrote to memory of 2020	1920	rundll32.exe	WerFault.exe
PID 1920 wrote to memory of 2020	1920	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 352
3⤵
- Program crash
PID:2020

memory/1920-55-0x0000000002090000-0x000000000250D000-memory.dmp

Filesize
4.5MB

Download
memory/1920-56-0x0000000002090000-0x000000000250D000-memory.dmp

Filesize
4.5MB

Download
memory/1920-54-0x0000000002090000-0x000000000250D000-memory.dmp

Filesize
4.5MB

Download
memory/1920-57-0x0000000002090000-0x000000000250D000-memory.dmp

Filesize
4.5MB

Download
memory/1920-58-0x0000000002090000-0x000000000250D000-memory.dmp

Filesize
4.5MB

Download