4a5531682ed5a69cb3c3d3f29c7947c5c862eaa8a8f5af597bb723397bb8d663

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16-06-2023 08:43

Target

4a5531682ed5a69cb3c3d3f29c7947c5c862eaa8a8f5af597bb723397bb8d663.dll
Size

3.8MB
MD5

545d958699895115bb9f4f42ba2a57ce
SHA1

c27b16d83bb0a96cb795c4e565b2c508efb5532d
SHA256

4a5531682ed5a69cb3c3d3f29c7947c5c862eaa8a8f5af597bb723397bb8d663
SHA512

d7cefcb053f63eea0f0d2ebfccb9f3ea4c8b466d60948f0f29a73ac28b5a0363a32621b8eaf8050ec0a7d30d201a9191f3c40fc9db21e3f7290574fcd86a6ced
SSDEEP

49152:U7Wp+tO09Xkax+bw2KnweWyP3Glz6clwTFUuvrUehB35a5F3pKKoef7It1bc6JTe:IJpM6/FeTIt19R/atd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1444	1708	WerFault.exe	19

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1444	1708	rundll32.exe	28
PID 1708 wrote to memory of 1444	1708	rundll32.exe	28
PID 1708 wrote to memory of 1444	1708	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a5531682ed5a69cb3c3d3f29c7947c5c862eaa8a8f5af597bb723397bb8d663.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1708 -s 200
  2⤵
  - Program crash
  PID:1444