d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-09-2023 04:37

Target

d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd.dll
Size

208KB
MD5

150f927e80f301beed5067d68f2e672f
SHA1

545d50d84312c1922416127de43c26723e94c3b9
SHA256

d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd
SHA512

5a65f56a1a7ece146ea9a375a9e7cb4547716443071652125d9ddabc2ce62156c398711c79d5fedac179105bedc59231632271de6601e2ac3310723cb5bfa010
SSDEEP

3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUuY57:LIDff9D8C6XYRw6MT2DEj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3020 3036 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3020	3036	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2304 wrote to memory of 3036	2304	rundll32.exe	rundll32.exe
PID 2304 wrote to memory of 3036	2304	rundll32.exe	rundll32.exe
PID 2304 wrote to memory of 3036	2304	rundll32.exe	rundll32.exe
PID 2304 wrote to memory of 3036	2304	rundll32.exe	rundll32.exe
PID 2304 wrote to memory of 3036	2304	rundll32.exe	rundll32.exe
PID 2304 wrote to memory of 3036	2304	rundll32.exe	rundll32.exe
PID 2304 wrote to memory of 3036	2304	rundll32.exe	rundll32.exe
PID 3036 wrote to memory of 3020	3036	rundll32.exe	WerFault.exe
PID 3036 wrote to memory of 3020	3036	rundll32.exe	WerFault.exe
PID 3036 wrote to memory of 3020	3036	rundll32.exe	WerFault.exe
PID 3036 wrote to memory of 3020	3036	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2304

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 232
3⤵
- Program crash
PID:3020