603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02-10-2023 15:24

Target

603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c.dll
Size

208KB
MD5

5f8817d460395d75b65046f25fb2fbef
SHA1

11e092a26d20769701de89560ac5ebb472d0f3e1
SHA256

603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c
SHA512

b236653a44f950991d6232ad41f1ef03f9ca477a1c9cdee678ce41b2fc1731810eae43d71e6b3862f50c17da11f9668118d857614ce9a88039ba8ab49529e1ef
SSDEEP

3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUcY58:LIDff9D8C6XYRw6MT2DEj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2792 2788 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2792	2788	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2412 wrote to memory of 2788	2412	rundll32.exe	rundll32.exe
PID 2412 wrote to memory of 2788	2412	rundll32.exe	rundll32.exe
PID 2412 wrote to memory of 2788	2412	rundll32.exe	rundll32.exe
PID 2412 wrote to memory of 2788	2412	rundll32.exe	rundll32.exe
PID 2412 wrote to memory of 2788	2412	rundll32.exe	rundll32.exe
PID 2412 wrote to memory of 2788	2412	rundll32.exe	rundll32.exe
PID 2412 wrote to memory of 2788	2412	rundll32.exe	rundll32.exe
PID 2788 wrote to memory of 2792	2788	rundll32.exe	WerFault.exe
PID 2788 wrote to memory of 2792	2788	rundll32.exe	WerFault.exe
PID 2788 wrote to memory of 2792	2788	rundll32.exe	WerFault.exe
PID 2788 wrote to memory of 2792	2788	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2412

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 232
3⤵
- Program crash
PID:2792