56460c4133222841796c34b0d177a8c5e52b71de5e37d5b1cd098823bcbe9af0

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/05/2023, 16:13

Target

default.png.dll
Size

356KB
MD5

fce88b20bceebd0bfed68131820efab6
SHA1

0461dd044331ba548ec301930a956dbd65685d52
SHA256

56460c4133222841796c34b0d177a8c5e52b71de5e37d5b1cd098823bcbe9af0
SHA512

c9ee16ed2b56ba895d3e60cc0dfced304686a565c85fe2e2e273861ff4915848d31b44e53a4197534e54fe60feb60e434ce03350465eb9c8bb4176dbc7cae3cd
SSDEEP

6144:q/D0Hb7UDqr1yb1tux77q/Mt12SF7GhUdHMGMIvtx77QxxgHb9VnpTBJsp3zruNt:4D0Hb7L1yb1tux77q/MW6uIvr77cgHHp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
860	896	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 896	948	rundll32.exe	28
PID 948 wrote to memory of 896	948	rundll32.exe	28
PID 948 wrote to memory of 896	948	rundll32.exe	28
PID 948 wrote to memory of 896	948	rundll32.exe	28
PID 948 wrote to memory of 896	948	rundll32.exe	28
PID 948 wrote to memory of 896	948	rundll32.exe	28
PID 948 wrote to memory of 896	948	rundll32.exe	28
PID 896 wrote to memory of 860	896	rundll32.exe	29
PID 896 wrote to memory of 860	896	rundll32.exe	29
PID 896 wrote to memory of 860	896	rundll32.exe	29
PID 896 wrote to memory of 860	896	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\default.png.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\default.png.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 228
    3⤵
    - Program crash
    PID:860