8c70c9c6060cc4eb98470705bc193e66f49c41f806eb1a38afdf3b7b12abea14

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:07

Target

1dfedcf2c37631739599fcc736e4572d.dll
Size

16KB
MD5

1dfedcf2c37631739599fcc736e4572d
SHA1

fe6f235f670f2da161056ff4dc50a1b0585430aa
SHA256

8c70c9c6060cc4eb98470705bc193e66f49c41f806eb1a38afdf3b7b12abea14
SHA512

64162f9ddb84d56bd02c7a392169764f357524f9d4ab4c85b0fcaa1758c49d20dfa9026aa091e53bf0a7d42d42d73efdd6d25f9e91dd33c3749ac3b64cd24e88
SSDEEP

192:Pp4DCs7GuWS50ZNOp6XKPjI+idSDbFiWF3uBBQ6PRQk/2Wrexh4/P:haCvuWSGfpxwJuBBQARQkhrexa

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
3036	3040	WerFault.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 3040	2940	rundll32.exe	15
PID 2940 wrote to memory of 3040	2940	rundll32.exe	15
PID 2940 wrote to memory of 3040	2940	rundll32.exe	15
PID 2940 wrote to memory of 3040	2940	rundll32.exe	15
PID 2940 wrote to memory of 3040	2940	rundll32.exe	15
PID 2940 wrote to memory of 3040	2940	rundll32.exe	15
PID 2940 wrote to memory of 3040	2940	rundll32.exe	15
PID 3040 wrote to memory of 3036	3040	rundll32.exe	14
PID 3040 wrote to memory of 3036	3040	rundll32.exe	14
PID 3040 wrote to memory of 3036	3040	rundll32.exe	14
PID 3040 wrote to memory of 3036	3040	rundll32.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 224
1⤵
- Program crash
PID:3036

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1dfedcf2c37631739599fcc736e4572d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1dfedcf2c37631739599fcc736e4572d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2940