3bcced60731a6ce639b489a72ba61a9c4409ab259784303ee9cc174d9319573e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 10:37

Target

1620fd70a54e03fee86875364da963de.dll
Size

93KB
MD5

1620fd70a54e03fee86875364da963de
SHA1

77396ce97a2015e0d91d4d05c25af0548003fff3
SHA256

3bcced60731a6ce639b489a72ba61a9c4409ab259784303ee9cc174d9319573e
SHA512

00a6708cbb7013168a9833dff9f91bbc1bf633b020abe1b3623e20e0e221cc018f66930b2ba5ed6a51362b064fa05ae525cf73aeae1a3de647b0f806518b84a0
SSDEEP

1536:qyHblcgCPIBQOicuI/dU/ZoqPsuj4QfGjOpr/nX7MBZoYlktzW:vHbDKCoqdU/ZBEQfjMBDx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1968	2088	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2088	2080	rundll32.exe	28
PID 2080 wrote to memory of 2088	2080	rundll32.exe	28
PID 2080 wrote to memory of 2088	2080	rundll32.exe	28
PID 2080 wrote to memory of 2088	2080	rundll32.exe	28
PID 2080 wrote to memory of 2088	2080	rundll32.exe	28
PID 2080 wrote to memory of 2088	2080	rundll32.exe	28
PID 2080 wrote to memory of 2088	2080	rundll32.exe	28
PID 2088 wrote to memory of 1968	2088	rundll32.exe	29
PID 2088 wrote to memory of 1968	2088	rundll32.exe	29
PID 2088 wrote to memory of 1968	2088	rundll32.exe	29
PID 2088 wrote to memory of 1968	2088	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1620fd70a54e03fee86875364da963de.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1620fd70a54e03fee86875364da963de.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 264
    3⤵
    - Program crash
    PID:1968

memory/2088-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2088-1-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download