17cb112704b3f7cf70cc386e50a41304ad6508e95265c00e4ccc42aadc5454b1

Analysis

max time kernel
15s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 10:49

Target

D3DX9.dll
Size

1.9MB
MD5

b17fa8b31d403faff9143c5bd2f4646e
SHA1

b29a8088af11bae0048da6df0369cff72f8e302d
SHA256

17cb112704b3f7cf70cc386e50a41304ad6508e95265c00e4ccc42aadc5454b1
SHA512

f664cbf2916192e64521b4885e3d09f609af5742ded50adbfd58aa1d80b1fb2c3001c0f5e20b4609d74ad56ca2a23b9014a0260bd5b759c095c0f4de88333b5f
SSDEEP

49152:zrlaTZoJu1wfuhM2dhYmnU1dE1KCdQiCPnLLc2//Viij3YVLiiZBhs9LCrMgl5:zrlaNoJu1wfuhM2dhYmnU1dE1PQiCPnw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2304	1152	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 1152	3060	rundll32.exe	28
PID 3060 wrote to memory of 1152	3060	rundll32.exe	28
PID 3060 wrote to memory of 1152	3060	rundll32.exe	28
PID 3060 wrote to memory of 1152	3060	rundll32.exe	28
PID 3060 wrote to memory of 1152	3060	rundll32.exe	28
PID 3060 wrote to memory of 1152	3060	rundll32.exe	28
PID 3060 wrote to memory of 1152	3060	rundll32.exe	28
PID 1152 wrote to memory of 2304	1152	rundll32.exe	29
PID 1152 wrote to memory of 2304	1152	rundll32.exe	29
PID 1152 wrote to memory of 2304	1152	rundll32.exe	29
PID 1152 wrote to memory of 2304	1152	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\D3DX9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\D3DX9.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1152
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 228
    3⤵
    - Program crash
    PID:2304