e6a9436d9cf8e4e580b8148b589822d2fa545e20fb00d1d87ff83d7f45388238

Analysis

max time kernel
237s
max time network
287s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:35

Target

0bd9e6ccaabd09c294bcf3676f339860.dll
Size

19KB
MD5

0bd9e6ccaabd09c294bcf3676f339860
SHA1

289929869102961a8f0359160e935d27f3cecb71
SHA256

e6a9436d9cf8e4e580b8148b589822d2fa545e20fb00d1d87ff83d7f45388238
SHA512

491e1e121acbf21e255dca733535e66bebba557ee8e94fb35730ee9391d5d6214b227613febeded78c40686d3f9d6d46de9432ec9c5d4b6f824b5ef8927a26e9
SSDEEP

384:jtj/2vDCuBo4RLA/THoJ43eK1MWUdVs6dmhfVHyHhibbk:pj/29tAT+43eKjUdVTdwVYht

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1824	2644	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2644	2976	rundll32.exe	27
PID 2976 wrote to memory of 2644	2976	rundll32.exe	27
PID 2976 wrote to memory of 2644	2976	rundll32.exe	27
PID 2976 wrote to memory of 2644	2976	rundll32.exe	27
PID 2976 wrote to memory of 2644	2976	rundll32.exe	27
PID 2976 wrote to memory of 2644	2976	rundll32.exe	27
PID 2976 wrote to memory of 2644	2976	rundll32.exe	27
PID 2644 wrote to memory of 1824	2644	rundll32.exe	28
PID 2644 wrote to memory of 1824	2644	rundll32.exe	28
PID 2644 wrote to memory of 1824	2644	rundll32.exe	28
PID 2644 wrote to memory of 1824	2644	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bd9e6ccaabd09c294bcf3676f339860.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bd9e6ccaabd09c294bcf3676f339860.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 228
    3⤵
    - Program crash
    PID:1824

memory/2644-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2644-1-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2644-2-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download