6070ac798e84f434bf92d2b250035ab05c56956ddd395e287a8aa9b9e4b53fd4

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 04:36

Target

3fe98983e027d7ae2a518632a8e6e43a.dll
Size

16KB
MD5

3fe98983e027d7ae2a518632a8e6e43a
SHA1

db9a844f0ac1a285e9c2aae9d1fecf4ef5e3860d
SHA256

6070ac798e84f434bf92d2b250035ab05c56956ddd395e287a8aa9b9e4b53fd4
SHA512

e212896c848812a033124823c29fcf8e0b31b0c9127d6fba73b6a1aaa511f6ebfa2aabde83517bc4109874bbd38bb9e35015a0ef4c3803ab118ebf74e3a49830
SSDEEP

384:9E2FTZrYNtOFEJ0DTQaNFC5KhDDAk4+D5EHsPu7Pp0py:9l5ZrQOFENaNF+MDDAvv2Yp0s

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2768	1320	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 1320	2328	rundll32.exe	28
PID 2328 wrote to memory of 1320	2328	rundll32.exe	28
PID 2328 wrote to memory of 1320	2328	rundll32.exe	28
PID 2328 wrote to memory of 1320	2328	rundll32.exe	28
PID 2328 wrote to memory of 1320	2328	rundll32.exe	28
PID 2328 wrote to memory of 1320	2328	rundll32.exe	28
PID 2328 wrote to memory of 1320	2328	rundll32.exe	28
PID 1320 wrote to memory of 2768	1320	rundll32.exe	29
PID 1320 wrote to memory of 2768	1320	rundll32.exe	29
PID 1320 wrote to memory of 2768	1320	rundll32.exe	29
PID 1320 wrote to memory of 2768	1320	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fe98983e027d7ae2a518632a8e6e43a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fe98983e027d7ae2a518632a8e6e43a.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1320
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
    3⤵
    - Program crash
    PID:2768

memory/1320-0-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download
memory/1320-1-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download
memory/1320-2-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download