2e4258463b3bf120c05cc72a79fa4bf01eec70b9265ceed5bd5dbf5ed01091e8

Analysis

max time kernel
141s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07-03-2023 20:46

Target

0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c.dll
Size

434KB
MD5

92aa4a3fbead08b0ad5fff5ee7320ff8
SHA1

1ff690b3e52fe61d84f04b8f34d9ffc5536d03bc
SHA256

0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c
SHA512

463d4b755a8c2a62703640d9feaaa99ef4eccd2199de6a47830daaef2c3d4d4abbb192efd9f416497f3cf44478cc1ac95b22a211210d60236ebb8e7ea455da6a
SSDEEP

12288:rJZ701RXT1BaB4Irm8VGf9hyI8K9HGgJA:VZ701RXT1wB4Irz0f9hNN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
772	1512	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 1512	916	rundll32.exe	27
PID 916 wrote to memory of 1512	916	rundll32.exe	27
PID 916 wrote to memory of 1512	916	rundll32.exe	27
PID 916 wrote to memory of 1512	916	rundll32.exe	27
PID 916 wrote to memory of 1512	916	rundll32.exe	27
PID 916 wrote to memory of 1512	916	rundll32.exe	27
PID 916 wrote to memory of 1512	916	rundll32.exe	27
PID 1512 wrote to memory of 772	1512	rundll32.exe	28
PID 1512 wrote to memory of 772	1512	rundll32.exe	28
PID 1512 wrote to memory of 772	1512	rundll32.exe	28
PID 1512 wrote to memory of 772	1512	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 224
    3⤵
    - Program crash
    PID:772

memory/1512-54-0x000000006B200000-0x000000006B271000-memory.dmp

Filesize
452KB

Download