f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71

Resubmissions

19-05-2023 17:41

19-05-2023 17:27

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19-05-2023 17:27

Target

f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71.dll
Size

1.2MB
MD5

7fd8bdc919af08976d6d7eb800015ade
SHA1

3ab4d86f12c9efad4f5e17cd0163724e8b77e8aa
SHA256

f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71
SHA512

c17af8f706dba273e91046961f8a4855ab49603f8dec9360074c0a4bb0a429f3c24821f0665cb80a6d194f5e8a45a3c5dad890d9fa5c7c8571ea0af1296977f2
SSDEEP

24576:5XK6ZFu5DoLYiLgBoAFvEAvxm4i0uuxhJV8e11g:RS4/AFGe4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2020	1160	WerFault.exe	22

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 2020	1160	rundll32.exe	27
PID 1160 wrote to memory of 2020	1160	rundll32.exe	27
PID 1160 wrote to memory of 2020	1160	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5cbfffa43e8280cd9b68bea2c612adb5aa47fe802d28db48dfd1d9291f4ad71.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1160 -s 84
  2⤵
  - Program crash
  PID:2020