7e654331fa8f89f3ad9b17edc01627c9b264d971c0e7c6f09269392757f63ae7

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 22:22

Target

7e654331fa8f89f3ad9b17edc01627c9b264d971c0e7c6f09269392757f63ae7.dll
Size

242KB
MD5

3b1615475d6d4523649caac52f9b9848
SHA1

ba6520cb197b5b2091b4b3b636576136ecfa9f6f
SHA256

7e654331fa8f89f3ad9b17edc01627c9b264d971c0e7c6f09269392757f63ae7
SHA512

b7af1a9e72731d172200a17c50e432d9c96cb45fa1172633eeef81117e3a6158adff791f553cabad6ce60a857feb0586e2aba64a07f9c3b5f5c61004e9a8a338
SSDEEP

3072:1mkH4V2aLdAJJ5WcZW4TH25KXs8o66yWpQJU6fUzpqtcWGQT0Jkegj9Um54J1eoF:Ykvae5Wck4CAal6U6MzJk7jw/s

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
468	3960	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 3960	4960	rundll32.exe	83
PID 4960 wrote to memory of 3960	4960	rundll32.exe	83
PID 4960 wrote to memory of 3960	4960	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e654331fa8f89f3ad9b17edc01627c9b264d971c0e7c6f09269392757f63ae7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e654331fa8f89f3ad9b17edc01627c9b264d971c0e7c6f09269392757f63ae7.dll,#1
  2⤵
  PID:3960
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 632
    3⤵
    - Program crash
    PID:468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3960 -ip 3960
1⤵
PID:4912