7dfe6d44b9d931764b56362c4cac2bcb21521b64afc4f93bfd7afa56f1e13872

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 08:30

Target

5fe77d6be52dc63d5ac67974b1a890cb.dll
Size

4KB
MD5

5fe77d6be52dc63d5ac67974b1a890cb
SHA1

4374cd7a944d1fd1355766d5f904fe49f246a35f
SHA256

7dfe6d44b9d931764b56362c4cac2bcb21521b64afc4f93bfd7afa56f1e13872
SHA512

667e4bc7f8bbcda73a1683786195bde397f0ca77a8a73fe3efed304fe7c620379735189cb65817b5cb2cc0265cde604d42d5c44607b5335668467a887954ea8d
SSDEEP

48:q7mLuoDpJtYt3RTTOZdsdjV9s0XLXYUXLXvrk7c+hpztU/tW:A6G9RTAdQ9FnDo7ccltU/tW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2104	2964	WerFault.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2964	1716	rundll32.exe	17
PID 1716 wrote to memory of 2964	1716	rundll32.exe	17
PID 1716 wrote to memory of 2964	1716	rundll32.exe	17
PID 1716 wrote to memory of 2964	1716	rundll32.exe	17
PID 1716 wrote to memory of 2964	1716	rundll32.exe	17
PID 1716 wrote to memory of 2964	1716	rundll32.exe	17
PID 1716 wrote to memory of 2964	1716	rundll32.exe	17
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fe77d6be52dc63d5ac67974b1a890cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fe77d6be52dc63d5ac67974b1a890cb.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 224
1⤵
- Program crash
PID:2104