9bcecdee18877e22bc775ab32c42234e2f65300875008e2950966d07cc0ae33e

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-01-2024 23:36

Target

665402f747d51c2c5e1697ac8e9c6da9.dll
Size

231KB
MD5

665402f747d51c2c5e1697ac8e9c6da9
SHA1

30c811ef0d18c02232b0e1f6843323261224a850
SHA256

9bcecdee18877e22bc775ab32c42234e2f65300875008e2950966d07cc0ae33e
SHA512

55b72c3baf033143ca720cfc9b62e6b921f817daa4cd47e7c858f9364549b604e288373d4e81c8a2e5317654cab4d24385d12debe8e60e6eaf244d13170cfb8d
SSDEEP

6144:zlcpp7LHIXawFY4mdClqCZKnSrKpw+BYQZSyK8zj:zqn77IXq4oCtAuKpw+BZZS78z

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2112	2500	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 2500 wrote to memory of 2112	2500	rundll32.exe	29
PID 2500 wrote to memory of 2112	2500	rundll32.exe	29
PID 2500 wrote to memory of 2112	2500	rundll32.exe	29
PID 2500 wrote to memory of 2112	2500	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\665402f747d51c2c5e1697ac8e9c6da9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\665402f747d51c2c5e1697ac8e9c6da9.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 228
    3⤵
    - Program crash
    PID:2112

memory/2500-1-0x0000000000460000-0x0000000000498000-memory.dmp

Filesize
224KB

Download
memory/2500-0-0x00000000004A0000-0x0000000000505000-memory.dmp

Filesize
404KB

Download
memory/2500-5-0x0000000000460000-0x0000000000498000-memory.dmp

Filesize
224KB

Download