781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 10:48

Target

781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll
Size

208KB
MD5

349740c3c51e472592fc596cb5a1b84d
SHA1

a916e6f200fc756f3a41b14ee1d5eb9296ea8146
SHA256

781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a
SHA512

e6371e7b2b1778ea374e14c0b2219cc5180638688e18d57f81aafcfc75dcac03d05fd6fb57512af274ef81e2d171967cdaae81e2745e689607889bc8549601af
SSDEEP

3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUDY55:LIDff9D8C6XYRw6MT2DEj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2392 2176 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2392	2176	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2404 wrote to memory of 2176	2404	rundll32.exe	rundll32.exe
PID 2404 wrote to memory of 2176	2404	rundll32.exe	rundll32.exe
PID 2404 wrote to memory of 2176	2404	rundll32.exe	rundll32.exe
PID 2404 wrote to memory of 2176	2404	rundll32.exe	rundll32.exe
PID 2404 wrote to memory of 2176	2404	rundll32.exe	rundll32.exe
PID 2404 wrote to memory of 2176	2404	rundll32.exe	rundll32.exe
PID 2404 wrote to memory of 2176	2404	rundll32.exe	rundll32.exe
PID 2176 wrote to memory of 2392	2176	rundll32.exe	WerFault.exe
PID 2176 wrote to memory of 2392	2176	rundll32.exe	WerFault.exe
PID 2176 wrote to memory of 2392	2176	rundll32.exe	WerFault.exe
PID 2176 wrote to memory of 2392	2176	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 232
    3⤵
    - Program crash
    PID:2392