55ce5e9e2e746a3db839932a5bfb12b01f8a70f5f61aae50ac245ded015b9fde

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 23:56

Target

1b1d4e36c9c3aea84a44864b27f48e0d.dll
Size

108KB
MD5

1b1d4e36c9c3aea84a44864b27f48e0d
SHA1

1950d6c91ac225aa0689d1dd4efe7695be6639d1
SHA256

55ce5e9e2e746a3db839932a5bfb12b01f8a70f5f61aae50ac245ded015b9fde
SHA512

ee26957f106b6f66c42091c277fc56ae45cd53a71cda4df36faa102be4b8485dcb3ae4c045ac311629c693d9448d8f771ff498c23b79cca34871652057aa97bb
SSDEEP

3072:FIOehVPIHLVCsYnqsQO86Jxp17PFuDa9Z4XW:DOnqsQO8Q99u2sW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2280	2124	WerFault.exe	16

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2124	2112	rundll32.exe	16
PID 2112 wrote to memory of 2124	2112	rundll32.exe	16
PID 2112 wrote to memory of 2124	2112	rundll32.exe	16
PID 2112 wrote to memory of 2124	2112	rundll32.exe	16
PID 2112 wrote to memory of 2124	2112	rundll32.exe	16
PID 2112 wrote to memory of 2124	2112	rundll32.exe	16
PID 2112 wrote to memory of 2124	2112	rundll32.exe	16
PID 2124 wrote to memory of 2280	2124	rundll32.exe	17
PID 2124 wrote to memory of 2280	2124	rundll32.exe	17
PID 2124 wrote to memory of 2280	2124	rundll32.exe	17
PID 2124 wrote to memory of 2280	2124	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b1d4e36c9c3aea84a44864b27f48e0d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b1d4e36c9c3aea84a44864b27f48e0d.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 260
    3⤵
    - Program crash
    PID:2280