14f547dcd04c628287c10f86b298fac8ff90f4ece52219de04aeec271a991b1e

Analysis

max time kernel
118s
max time network
144s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 08:11

Target

14f547dcd04c628287c10f86b298fac8ff90f4ece52219de04aeec271a991b1e.dll
Size

218KB
MD5

d005db484aec720aa294e09b9887995a
SHA1

26e4819163a63c0e456a187e25f413c00ff0f341
SHA256

14f547dcd04c628287c10f86b298fac8ff90f4ece52219de04aeec271a991b1e
SHA512

c18c361af9ee8eb2d95f082f996e19bb8a0569dd7214490f459766c5599411830da4b36796bb72eeedaa8f45c713851cededcbeb4948a1d6c21ff58966846994
SSDEEP

3072:4fyTFpiSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUlH58MBS:4flD4ktiD8UI8I66C+6AsXnifujK

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3064 3056 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3064	3056	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 3024 wrote to memory of 3056	3024	rundll32.exe	rundll32.exe
PID 3024 wrote to memory of 3056	3024	rundll32.exe	rundll32.exe
PID 3024 wrote to memory of 3056	3024	rundll32.exe	rundll32.exe
PID 3024 wrote to memory of 3056	3024	rundll32.exe	rundll32.exe
PID 3024 wrote to memory of 3056	3024	rundll32.exe	rundll32.exe
PID 3024 wrote to memory of 3056	3024	rundll32.exe	rundll32.exe
PID 3024 wrote to memory of 3056	3024	rundll32.exe	rundll32.exe
PID 3056 wrote to memory of 3064	3056	rundll32.exe	WerFault.exe
PID 3056 wrote to memory of 3064	3056	rundll32.exe	WerFault.exe
PID 3056 wrote to memory of 3064	3056	rundll32.exe	WerFault.exe
PID 3056 wrote to memory of 3064	3056	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14f547dcd04c628287c10f86b298fac8ff90f4ece52219de04aeec271a991b1e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14f547dcd04c628287c10f86b298fac8ff90f4ece52219de04aeec271a991b1e.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 232
3⤵
- Program crash
PID:3064