1bdf25a90c528830232f900f5effdaf39d05a288759a1243c669c69906e537b3

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19/08/2023, 09:27

Target

1bdf25a90c528830232f900f5effdaf39d05a288759a1243c669c69906e537b3.dll
Size

385KB
MD5

6674493906357de5dc6d191db6a4d02f
SHA1

a1abaa0b1b4f83521f63cbc0e00f4640b903b7d4
SHA256

1bdf25a90c528830232f900f5effdaf39d05a288759a1243c669c69906e537b3
SHA512

bd210ab7a87b9929ef9d1eee0638110e5cdb0481bde9d905cf1622097259fcb9664d72f88914ea2d303d6e518c9d45a48a47ba9a1cb9dc1feaf3e37ca90327a3
SSDEEP

6144:fT6trl2h2Irs9CyDepnyV3Zi46ULRQr1COHGVJ4WSBHn0d/w1nrQzKr8phpiayrV:fTHdrs870hpx8rGs

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2052	2072	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 2072	1472	rundll32.exe	28
PID 1472 wrote to memory of 2072	1472	rundll32.exe	28
PID 1472 wrote to memory of 2072	1472	rundll32.exe	28
PID 1472 wrote to memory of 2072	1472	rundll32.exe	28
PID 1472 wrote to memory of 2072	1472	rundll32.exe	28
PID 1472 wrote to memory of 2072	1472	rundll32.exe	28
PID 1472 wrote to memory of 2072	1472	rundll32.exe	28
PID 2072 wrote to memory of 2052	2072	rundll32.exe	29
PID 2072 wrote to memory of 2052	2072	rundll32.exe	29
PID 2072 wrote to memory of 2052	2072	rundll32.exe	29
PID 2072 wrote to memory of 2052	2072	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bdf25a90c528830232f900f5effdaf39d05a288759a1243c669c69906e537b3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bdf25a90c528830232f900f5effdaf39d05a288759a1243c669c69906e537b3.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 228
    3⤵
    - Program crash
    PID:2052

memory/2072-53-0x0000000074FE0000-0x0000000075047000-memory.dmp

Filesize
412KB

Download