371e893ea727d7c5a44d3ebe082db98a10912f6b722d1ec5d22071d7535a3af1

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
09-08-2023 12:56

Target

“护航亚运”网络安全专项整治行动方案/vcruntime140_1d.dll
Size

62KB
MD5

aa51acf42986f844d36e4e7807f13239
SHA1

6284203a35fe0459204fc67d1cc4ec6b329a4ed0
SHA256

41dd9842b8ba31009ee80c0b382dc2136923d6077767b5fe35dfacce0634c5bc
SHA512

b724fac28a36b005c4a21dee9fd181bb85eced1c03903cbd81f04822f4adcd95042db7c58ba6e7c92c901f6a33c902ecd9dbeaec4c08c6a7ffd9e2ad57bc5e71
SSDEEP

768:W/ls0hHV3EXmIsb7/Hj1R9VDySAyusyQZVi0QCHji9znpRtcKDU9zk:Os0MknLyJy/VXQU+zvtcKYzk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2240	1896	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2240	1896	rundll32.exe	28
PID 1896 wrote to memory of 2240	1896	rundll32.exe	28
PID 1896 wrote to memory of 2240	1896	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\“护航亚运”网络安全专项整治行动方案\vcruntime140_1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1896 -s 84
  2⤵
  - Program crash
  PID:2240