85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 15:55

Target

85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll
Size

292KB
MD5

62ef645f3831cae277c8d6dbcc2112e9
SHA1

c4aa5f36c64889a5a2d49d5d1092585b25247f59
SHA256

85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f
SHA512

752df371b48ee1deb201f2008d8340147fc991bab3ffedb4f17c35219c7b1b0adbd7d215439798a388f945d9ba75209edc862a0776eb0f2333078a497c84c6dc
SSDEEP

6144:xgejiEdVHdmqrL9MRlx3tjAspuUb5p9TwHlM82xp:HjHVH3r2Rlx3WUbTNwHP4

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2300 864 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2300	864	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2724 wrote to memory of 864	2724	rundll32.exe	rundll32.exe
PID 2724 wrote to memory of 864	2724	rundll32.exe	rundll32.exe
PID 2724 wrote to memory of 864	2724	rundll32.exe	rundll32.exe
PID 2724 wrote to memory of 864	2724	rundll32.exe	rundll32.exe
PID 2724 wrote to memory of 864	2724	rundll32.exe	rundll32.exe
PID 2724 wrote to memory of 864	2724	rundll32.exe	rundll32.exe
PID 2724 wrote to memory of 864	2724	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 2300	864	rundll32.exe	WerFault.exe
PID 864 wrote to memory of 2300	864	rundll32.exe	WerFault.exe
PID 864 wrote to memory of 2300	864	rundll32.exe	WerFault.exe
PID 864 wrote to memory of 2300	864	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2724

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 220
3⤵
- Program crash
PID:2300