871598b9007f599b43a1abf255f950b63e6765685ae3d45756bf05fa82e337b1

Analysis

max time kernel
141s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29-05-2023 06:53

Target

871598b9007f599b43a1abf255f950b63e6765685ae3d45756bf05fa82e337b1.dll
Size

201KB
MD5

77099bbd1007b7f819a7e1289194aeaf
SHA1

00cfcfd799a3d94b8705af082693b23da7d97afb
SHA256

871598b9007f599b43a1abf255f950b63e6765685ae3d45756bf05fa82e337b1
SHA512

1b7d75a2b76c1e0eecd0c969d32c6119eff3ad3aa3325d8208d3b8e029c70bae835c023ba38c1f4215f5ecfa979d348d6e9271b0a753b1e1c2a928cf06ae6b2c
SSDEEP

3072:Ya9hHwjrCHZaOLZL/WlY5HI85pkzYBIlRDCNDPOx3Q0dEEaO2AL5bnIDQ8vzR4:Ya9haCN7kY6L4qg0OO2QnCza

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1960 2012 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1960	2012	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2000 wrote to memory of 2012	2000	rundll32.exe	rundll32.exe
PID 2000 wrote to memory of 2012	2000	rundll32.exe	rundll32.exe
PID 2000 wrote to memory of 2012	2000	rundll32.exe	rundll32.exe
PID 2000 wrote to memory of 2012	2000	rundll32.exe	rundll32.exe
PID 2000 wrote to memory of 2012	2000	rundll32.exe	rundll32.exe
PID 2000 wrote to memory of 2012	2000	rundll32.exe	rundll32.exe
PID 2000 wrote to memory of 2012	2000	rundll32.exe	rundll32.exe
PID 2012 wrote to memory of 1960	2012	rundll32.exe	WerFault.exe
PID 2012 wrote to memory of 1960	2012	rundll32.exe	WerFault.exe
PID 2012 wrote to memory of 1960	2012	rundll32.exe	WerFault.exe
PID 2012 wrote to memory of 1960	2012	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\871598b9007f599b43a1abf255f950b63e6765685ae3d45756bf05fa82e337b1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\871598b9007f599b43a1abf255f950b63e6765685ae3d45756bf05fa82e337b1.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 284
3⤵
- Program crash
PID:1960

memory/2012-55-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/2012-56-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/2012-57-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/2012-54-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/2012-58-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download