8c2d70a2f798b4765bc2b8c605eb9b18075a92a80a843e773a0da35953678749

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 07:17

Target

5bffd6b4e6d05effb6e3ef3aacf64b3a.dll
Size

2.6MB
MD5

5bffd6b4e6d05effb6e3ef3aacf64b3a
SHA1

f9bb4de906599e48f45ce11fb21d8efed8707567
SHA256

8c2d70a2f798b4765bc2b8c605eb9b18075a92a80a843e773a0da35953678749
SHA512

31893f87851be3990fd472717e9c1a2d7cce84fd61e77e862e8d7da7c4fa22aa72c19a7c2378991f6116650a41b0721ef2c3793db8bcd4d7b9ef5d2c759718fe
SSDEEP

49152:bml1VeO55nWLm5aO4IjaYhZj755q/c9fD7DaIKSUounCaF:8P55ndkvYhduNFnC0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2720	2396	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2396	2408	rundll32.exe	28
PID 2408 wrote to memory of 2396	2408	rundll32.exe	28
PID 2408 wrote to memory of 2396	2408	rundll32.exe	28
PID 2408 wrote to memory of 2396	2408	rundll32.exe	28
PID 2408 wrote to memory of 2396	2408	rundll32.exe	28
PID 2408 wrote to memory of 2396	2408	rundll32.exe	28
PID 2408 wrote to memory of 2396	2408	rundll32.exe	28
PID 2396 wrote to memory of 2720	2396	rundll32.exe	29
PID 2396 wrote to memory of 2720	2396	rundll32.exe	29
PID 2396 wrote to memory of 2720	2396	rundll32.exe	29
PID 2396 wrote to memory of 2720	2396	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bffd6b4e6d05effb6e3ef3aacf64b3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bffd6b4e6d05effb6e3ef3aacf64b3a.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 244
    3⤵
    - Program crash
    PID:2720

memory/2396-1-0x00000000749E0000-0x0000000074C7C000-memory.dmp

Filesize
2.6MB

Download
memory/2396-3-0x0000000074740000-0x00000000749DC000-memory.dmp

Filesize
2.6MB

Download
memory/2396-0-0x0000000074740000-0x00000000749DC000-memory.dmp

Filesize
2.6MB

Download
memory/2396-6-0x0000000074740000-0x00000000749DC000-memory.dmp

Filesize
2.6MB

Download
memory/2396-7-0x0000000001D80000-0x0000000001E4B000-memory.dmp

Filesize
812KB

Download
memory/2396-13-0x0000000074740000-0x00000000749DC000-memory.dmp

Filesize
2.6MB

Download