c6e5fdf8b11c1e0ed76ff534c09170afe7a6cd943daa38315d026274e52dda82

Analysis

max time kernel
119s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:07

Target

013eb4d385bc9bda622d8b04dd2d4c46.dll
Size

39KB
MD5

013eb4d385bc9bda622d8b04dd2d4c46
SHA1

7c05cdeb86e86fe23e225ec513f5275f77073fe7
SHA256

c6e5fdf8b11c1e0ed76ff534c09170afe7a6cd943daa38315d026274e52dda82
SHA512

c02520c7e7d3147251c82fa067419aa7ff1ce69aa7e4b3d7ef6f0e745811a3c74e6079e93339ceccd1051b246048be4905bda13279029b19f1073af19282ed8d
SSDEEP

768:BRcxy6r6UzkMG7AXaCGUb65MpHftqUmot1iRL3VJHc/lr:BRc9rrO0KE65rUBiRLkV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2392	2768	WerFault.exe	17

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2768	1732	rundll32.exe	17
PID 1732 wrote to memory of 2768	1732	rundll32.exe	17
PID 1732 wrote to memory of 2768	1732	rundll32.exe	17
PID 1732 wrote to memory of 2768	1732	rundll32.exe	17
PID 1732 wrote to memory of 2768	1732	rundll32.exe	17
PID 1732 wrote to memory of 2768	1732	rundll32.exe	17
PID 1732 wrote to memory of 2768	1732	rundll32.exe	17
PID 2768 wrote to memory of 2392	2768	rundll32.exe	20
PID 2768 wrote to memory of 2392	2768	rundll32.exe	20
PID 2768 wrote to memory of 2392	2768	rundll32.exe	20
PID 2768 wrote to memory of 2392	2768	rundll32.exe	20

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\013eb4d385bc9bda622d8b04dd2d4c46.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\013eb4d385bc9bda622d8b04dd2d4c46.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 244
    3⤵
    - Program crash
    PID:2392

memory/2768-1-0x0000000038000000-0x000000003800D000-memory.dmp

Filesize
52KB

Download
memory/2768-0-0x0000000038000000-0x000000003800D000-memory.dmp

Filesize
52KB

Download