cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a

Analysis

max time kernel
150s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19-06-2023 19:11

Target

cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll
Size

939KB
MD5

8af07a7e620ff01e2be5869db105b012
SHA1

5bfb4803ef6249f22f8e571fab74bf9a3730c2e6
SHA256

cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a
SHA512

21fe37c8fe4634d0bcc3bbbfdb1435af982e2c31fe3297d50a78417bac964c252ff441c76d107ea94ac8b85aab02d1d0aa697b5615be83f2e5fba232bfbb67b5
SSDEEP

24576:TXvZl5Y074EjId8klXDYFBozQ/nEee7BBv:TRU07bjTkNuU7

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

888 1492 WerFault.exe rundll32.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

1492 rundll32.exe

pid	pid_target	process	target process
888	1492	WerFault.exe	rundll32.exe

pid	process
1492	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 920 wrote to memory of 1492	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1492	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1492	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1492	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1492	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1492	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1492	920	rundll32.exe	rundll32.exe
PID 1492 wrote to memory of 888	1492	rundll32.exe	WerFault.exe
PID 1492 wrote to memory of 888	1492	rundll32.exe	WerFault.exe
PID 1492 wrote to memory of 888	1492	rundll32.exe	WerFault.exe
PID 1492 wrote to memory of 888	1492	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 324
3⤵
- Program crash
PID:888

memory/1492-55-0x0000000001E40000-0x000000000212E000-memory.dmp

Filesize
2.9MB

Download
memory/1492-56-0x0000000001E40000-0x000000000212E000-memory.dmp

Filesize
2.9MB

Download
memory/1492-57-0x0000000001E40000-0x000000000212E000-memory.dmp

Filesize
2.9MB

Download
memory/1492-54-0x0000000001E40000-0x000000000212E000-memory.dmp

Filesize
2.9MB

Download
memory/1492-58-0x0000000001E40000-0x000000000212E000-memory.dmp

Filesize
2.9MB

Download