6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 15:58

Target

6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll
Size

240KB
MD5

6a2ecd5487743d4129c23bbebe95e2e3
SHA1

431d87b53a8da69dfc60de90d2fa3f63a6c9fd15
SHA256

6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f
SHA512

5d2bb8ecb90228158c3b5a1f36bd05d7ff0b7c19c301aa20d8340dd3e3f2b3991b6f8a2d031a628af821aa5c6c5492e8201078182915aee7a1237c0b6a2ab39f
SSDEEP

3072:YmybuLkbiPXYu+MY3XpLd8VnQtyCCxEvRWCWa+NTPdJu6lhAOkSSs:YmpLkifY/MWXYQ3ntAm6D6

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1632 2456 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1632	2456	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2536 wrote to memory of 2456	2536	rundll32.exe	rundll32.exe
PID 2536 wrote to memory of 2456	2536	rundll32.exe	rundll32.exe
PID 2536 wrote to memory of 2456	2536	rundll32.exe	rundll32.exe
PID 2536 wrote to memory of 2456	2536	rundll32.exe	rundll32.exe
PID 2536 wrote to memory of 2456	2536	rundll32.exe	rundll32.exe
PID 2536 wrote to memory of 2456	2536	rundll32.exe	rundll32.exe
PID 2536 wrote to memory of 2456	2536	rundll32.exe	rundll32.exe
PID 2456 wrote to memory of 1632	2456	rundll32.exe	WerFault.exe
PID 2456 wrote to memory of 1632	2456	rundll32.exe	WerFault.exe
PID 2456 wrote to memory of 1632	2456	rundll32.exe	WerFault.exe
PID 2456 wrote to memory of 1632	2456	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 220
3⤵
- Program crash
PID:1632