72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 21:02

Target

72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846.dll
Size

179KB
MD5

1f1a55e6fb038c90167c6c45146d5d92
SHA1

1a4e0f3d8156b6b126d673183e545773e1ab1b13
SHA256

72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846
SHA512

59d6e623134784350d1d5e5b1020483abd0d2b163611656242cad8423c5f9bb480a053a5c740d1d4e1abbdad8a615c751be1d5262d9417488fc24a8d2f1fa1c0
SSDEEP

3072:3ncwv7ebBHoXcva8ZpZ4QWytYEazKHdoK5KixPt9QzHXO/lAXlUVqglM/:8VHoXhfwaOHaK5ng3pXyVre

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2388	1944	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1944	848	rundll32.exe	28
PID 848 wrote to memory of 1944	848	rundll32.exe	28
PID 848 wrote to memory of 1944	848	rundll32.exe	28
PID 848 wrote to memory of 1944	848	rundll32.exe	28
PID 848 wrote to memory of 1944	848	rundll32.exe	28
PID 848 wrote to memory of 1944	848	rundll32.exe	28
PID 848 wrote to memory of 1944	848	rundll32.exe	28
PID 1944 wrote to memory of 2388	1944	rundll32.exe	29
PID 1944 wrote to memory of 2388	1944	rundll32.exe	29
PID 1944 wrote to memory of 2388	1944	rundll32.exe	29
PID 1944 wrote to memory of 2388	1944	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 268
    3⤵
    - Program crash
    PID:2388