7370be64c36e85cb0d45d46f234f0d968f61e052b32cefd284e098cdee5b2727

Analysis

max time kernel
135s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2023, 23:06

Target

7370be64c36e85cb0d45d46f234f0d968f61e052b32cefd284e098cdee5b2727.dll
Size

4.0MB
MD5

f9d001c07313aef9b3d67b5b7fa28e2b
SHA1

710944f520257c8198df649f3d30fe4557f2fc0e
SHA256

7370be64c36e85cb0d45d46f234f0d968f61e052b32cefd284e098cdee5b2727
SHA512

16d4b905026609a0989ef307ace050b266c825cd73b8d1ae4b0df8c465434ecd07969e8a498acd952316d0057157aa9e0298efb9d96a03bc44ef6c236d4c71a8
SSDEEP

98304:dFgNfLKHcpGsCh+vyU/PukYqBFpO9zaCP5hqzzP8ky+f9DuLGz5:opLDM9RUYqBfO9nP5GIky+f9qL+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2752	4448	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 4448	2416	rundll32.exe	85
PID 2416 wrote to memory of 4448	2416	rundll32.exe	85
PID 2416 wrote to memory of 4448	2416	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7370be64c36e85cb0d45d46f234f0d968f61e052b32cefd284e098cdee5b2727.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7370be64c36e85cb0d45d46f234f0d968f61e052b32cefd284e098cdee5b2727.dll,#1
  2⤵
  PID:4448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 632
    3⤵
    - Program crash
    PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4448 -ip 4448
1⤵
PID:2784

memory/4448-133-0x0000000074E90000-0x0000000075647000-memory.dmp

Filesize
7.7MB

Download