db69b7f0e7b1fad1f80385fda6e9b2249ca75557b97496ab281a95ea80cab3a4

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26-05-2023 11:38

Target

2040-55-0x00000000001B0000-0x00000000001C3000-memory.dll
Size

76KB
MD5

2655c80fc73aa500587d35d63e695040
SHA1

dae4ffaeb1c4cecc00ac3acaccde9237070e17a5
SHA256

db69b7f0e7b1fad1f80385fda6e9b2249ca75557b97496ab281a95ea80cab3a4
SHA512

55d4d56020ee4b3f00b1a460e65b3bafe61437f4295255eb769471b8dfc395b13319427c4aeef6498dd5c7c3390dd967788903fbd2f520047cfc8a819a83af35
SSDEEP

768:UGysYcthPbMLsPwFuY2RrQI6jRdB53st+1GJ0V0ezPQdDVJb0OTrd4fJDVLOPEBh:UyFML+2YIf5YdDn/qGU1jDiCo

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1976 1964 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1976	1964	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1964 wrote to memory of 1976	1964	rundll32.exe	WerFault.exe
PID 1964 wrote to memory of 1976	1964	rundll32.exe	WerFault.exe
PID 1964 wrote to memory of 1976	1964	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2040-55-0x00000000001B0000-0x00000000001C3000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1964

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1964 -s 56
2⤵
- Program crash
PID:1976