6595f03e765bfc2db87b6a8e7123acaefd37d1d0e6adfc046f634b2a4ce878be

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
30-07-2023 21:25

Target

2916-199-0x000007FEF5170000-0x000007FEF5BA9000-memory.dll
Size

10.2MB
MD5

5f5ee6867f7204a1e5ada81e53b21b3d
SHA1

31b90acf2828d68595bcbb5b9e3db5724ee0dbdf
SHA256

6595f03e765bfc2db87b6a8e7123acaefd37d1d0e6adfc046f634b2a4ce878be
SHA512

0256d606276a592fcc2e584b8754f8138e8ba25113cd005e1c29533d66689406f459c0cfe26874b24ba1a1c6dd41cdeedb8ba849ec8e30c944ccb1eb709f7ced
SSDEEP

196608:/ulYC7DBWNBF5NGeYxcGGWlqs135BTOnlEvLphJKYaoMK0FX1:/ul9pWD9nrGGiqs1JMuLJjMK2l

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1904 2192 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1904	2192	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2192 wrote to memory of 1904	2192	rundll32.exe	WerFault.exe
PID 2192 wrote to memory of 1904	2192	rundll32.exe	WerFault.exe
PID 2192 wrote to memory of 1904	2192	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2916-199-0x000007FEF5170000-0x000007FEF5BA9000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2192

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2192 -s 56
2⤵
- Program crash
PID:1904