33b6bda3402228c525e725ab084092107b39e9246c49239835a19758ded1d3ae

Analysis

max time kernel
10s
max time network
31s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:48

Target

1900593c14803ca43c128d74b9aedda4.dll
Size

95KB
MD5

1900593c14803ca43c128d74b9aedda4
SHA1

7e9e0489c6a0528fa2830fcd01028f9895c13e3e
SHA256

33b6bda3402228c525e725ab084092107b39e9246c49239835a19758ded1d3ae
SHA512

77cc4de647410f1f6364019e1dd3c459c0af6eb04d6f80bb5775db7ff797018b1b1821c1adbb2a80951ae027149b05568c3468081727d67bfb077c9599c08ebf
SSDEEP

1536:IPFJHJTXUP6GXMod1OS/bcbHFfB18wnCrsKekM6mOx:gFPQ6GX91F/bUH9B18jrsKekM6mOx

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Drivers\beep.sys	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2828	2816	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2816	2376	rundll32.exe	28
PID 2376 wrote to memory of 2816	2376	rundll32.exe	28
PID 2376 wrote to memory of 2816	2376	rundll32.exe	28
PID 2376 wrote to memory of 2816	2376	rundll32.exe	28
PID 2376 wrote to memory of 2816	2376	rundll32.exe	28
PID 2376 wrote to memory of 2816	2376	rundll32.exe	28
PID 2376 wrote to memory of 2816	2376	rundll32.exe	28
PID 2816 wrote to memory of 2828	2816	rundll32.exe	29
PID 2816 wrote to memory of 2828	2816	rundll32.exe	29
PID 2816 wrote to memory of 2828	2816	rundll32.exe	29
PID 2816 wrote to memory of 2828	2816	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900593c14803ca43c128d74b9aedda4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900593c14803ca43c128d74b9aedda4.dll,#1
  2⤵
  - Drops file in Drivers directory
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 328
    3⤵
    - Program crash
    PID:2828