5f2c6672279e66fd827eb0cf06cb1eafa191ae99be0e4ede543306aa4c34bd53

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
20-09-2023 07:34

Target

5f2c6672279e66fd827eb0cf06cb1eafa191ae99be0e4ede543306aa4c34bd53.dll
Size

118KB
MD5

1f988f846c2bd9b005b6b687abc4a5e5
SHA1

4bae92bbdc0f433e535cda39fb112605cc707a56
SHA256

5f2c6672279e66fd827eb0cf06cb1eafa191ae99be0e4ede543306aa4c34bd53
SHA512

0ebb81989660d3b344542439ce6bdc052d23191ec1317b23a83cd22da6ef3a97cc2661387b90ebe19e5dc24e3f8d4f938c35577b95a49de400966517fcaf3b76
SSDEEP

3072:yKD33Tq/Y4jZIAQP8eq21oEnsaxMreIpWEmUuJnhHMxi:/zq7jmAm8s1oHpWrJnhHL

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
2	2468	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2596	2468	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2468	2256	rundll32.exe	28
PID 2256 wrote to memory of 2468	2256	rundll32.exe	28
PID 2256 wrote to memory of 2468	2256	rundll32.exe	28
PID 2256 wrote to memory of 2468	2256	rundll32.exe	28
PID 2256 wrote to memory of 2468	2256	rundll32.exe	28
PID 2256 wrote to memory of 2468	2256	rundll32.exe	28
PID 2256 wrote to memory of 2468	2256	rundll32.exe	28
PID 2468 wrote to memory of 2596	2468	rundll32.exe	29
PID 2468 wrote to memory of 2596	2468	rundll32.exe	29
PID 2468 wrote to memory of 2596	2468	rundll32.exe	29
PID 2468 wrote to memory of 2596	2468	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f2c6672279e66fd827eb0cf06cb1eafa191ae99be0e4ede543306aa4c34bd53.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f2c6672279e66fd827eb0cf06cb1eafa191ae99be0e4ede543306aa4c34bd53.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 260
    3⤵
    - Program crash
    PID:2596