0c205ce7bc123eea1dfeb7137348876e21fafe7fcd677e3a1547af59daaa1377

Analysis

max time kernel
140s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 05:58

Target

48352868edb6ead5c71454bbcb8b5496.dll
Size

45KB
MD5

48352868edb6ead5c71454bbcb8b5496
SHA1

e9666038da7cdd1f5909a871c59fa802175ef8e6
SHA256

0c205ce7bc123eea1dfeb7137348876e21fafe7fcd677e3a1547af59daaa1377
SHA512

936b9ca845ec949e6d88fc59209ed2893017601c077cb7601fd4abc8e0131d7003cb27fa25f95ccf9a99346ddebf61ffa077d7c5568fcb59fd4882823e9ae798
SSDEEP

768:ZGvNd8/fRaL6E0RfoHsQK+hd48JkLovIV8/QibUZYqMnCLN+Zud5O3uaKCuWLykw:Z8PII6CsQzd48JkLoIVLibUZYyN+Z4kd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2516	2312	WerFault.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2312	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2312	2800	rundll32.exe	15
PID 2800 wrote to memory of 2312	2800	rundll32.exe	15
PID 2800 wrote to memory of 2312	2800	rundll32.exe	15
PID 2800 wrote to memory of 2312	2800	rundll32.exe	15
PID 2800 wrote to memory of 2312	2800	rundll32.exe	15
PID 2800 wrote to memory of 2312	2800	rundll32.exe	15
PID 2800 wrote to memory of 2312	2800	rundll32.exe	15
PID 2312 wrote to memory of 2516	2312	rundll32.exe	14
PID 2312 wrote to memory of 2516	2312	rundll32.exe	14
PID 2312 wrote to memory of 2516	2312	rundll32.exe	14
PID 2312 wrote to memory of 2516	2312	rundll32.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
1⤵
- Program crash
PID:2516

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48352868edb6ead5c71454bbcb8b5496.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2800

memory/2312-2-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2312-4-0x000000007737F000-0x0000000077380000-memory.dmp

Filesize
4KB

Download
memory/2312-3-0x0000000013140000-0x0000000013166000-memory.dmp

Filesize
152KB

Download
memory/2312-1-0x0000000013140000-0x0000000013166000-memory.dmp

Filesize
152KB

Download
memory/2312-0-0x0000000013140000-0x0000000013166000-memory.dmp

Filesize
152KB

Download