7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a

Analysis

max time kernel
52s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2023 20:58

Target

7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll
Size

1.3MB
MD5

b3b6e4008889f72166d30c458533366b
SHA1

2b530848cf99d95e478ce1271396e67d62fe2aeb
SHA256

7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a
SHA512

9892c30181a310f54b05d380217eafabec303cb4160dd761439d79d916c1f068d31cf1be864de96aa18f99b43421b588cd5b99eae4c08defe0ae71e6f3394615
SSDEEP

24576:oe4P7eOOgqsWHExNblWuWOJ/jcZsdii0j4wXFOxRD687c:oefLgqsWHaAuWE/jczi0j4qcL

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4228 3000 WerFault.exe rundll32.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

3000 rundll32.exe

pid	pid_target	process	target process
4228	3000	WerFault.exe	rundll32.exe

pid	process
3000	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1060 wrote to memory of 3000	1060	rundll32.exe	rundll32.exe
PID 1060 wrote to memory of 3000	1060	rundll32.exe	rundll32.exe
PID 1060 wrote to memory of 3000	1060	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll,#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 812
3⤵
- Program crash
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3000 -ip 3000
1⤵
PID:4276

memory/3000-133-0x0000000002290000-0x000000000270D000-memory.dmp

Filesize
4.5MB

Download
memory/3000-134-0x0000000002290000-0x000000000270D000-memory.dmp

Filesize
4.5MB

Download
memory/3000-135-0x0000000002290000-0x000000000270D000-memory.dmp

Filesize
4.5MB

Download
memory/3000-136-0x0000000002290000-0x000000000270D000-memory.dmp

Filesize
4.5MB

Download
memory/3000-137-0x0000000002290000-0x000000000270D000-memory.dmp

Filesize
4.5MB

Download
memory/3000-138-0x0000000002290000-0x000000000270D000-memory.dmp

Filesize
4.5MB

Download
memory/3000-139-0x0000000002290000-0x000000000270D000-memory.dmp

Filesize
4.5MB

Download