a20a84ccd2f8e1f7331192932e05fb53231d62fb36191933604ea85dfd5cd533

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:18

Target

74f3be42019d5715fff96db6c2ebca71.dll
Size

19KB
MD5

74f3be42019d5715fff96db6c2ebca71
SHA1

ccbf5ebb2cc0220d349b18cf673ddac7633c365b
SHA256

a20a84ccd2f8e1f7331192932e05fb53231d62fb36191933604ea85dfd5cd533
SHA512

367324ee594dfc2b0cf8e4b3b04f751054b0d9749a52a275500ffd216e0f4a31ba119d84e2a0ad6ced972fa5a49c5a7bdaa0e3cd83166a1a11dbcca4ac3e3581
SSDEEP

384:pa0h9x9DBDsgp203Pwg1qBiCwB7TgooB6yVUCbvAQxub:pDh9x1Vsgpr3og1DlvJU6yVUU9xub

Score

5^/10

Drops file in System32 directory 2 IoCs

Processes:

rundll32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WMIApiSrv.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\WMIApiSrv.dll	rundll32.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2256 2212 WerFault.exe rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

2212 rundll32.exe
2212 rundll32.exe

pid	pid_target	process	target process
2256	2212	WerFault.exe	rundll32.exe

pid	process
2212	rundll32.exe
2212	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1920 wrote to memory of 2212	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 2212	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 2212	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 2212	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 2212	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 2212	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 2212	1920	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 2256	2212	rundll32.exe	WerFault.exe
PID 2212 wrote to memory of 2256	2212	rundll32.exe	WerFault.exe
PID 2212 wrote to memory of 2256	2212	rundll32.exe	WerFault.exe
PID 2212 wrote to memory of 2256	2212	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f3be42019d5715fff96db6c2ebca71.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 224
3⤵
- Program crash
PID:2256

memory/2212-0-0x0000000010080000-0x000000001008F000-memory.dmp

Filesize
60KB

Download
memory/2212-1-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2212-3-0x0000000010080000-0x000000001008F000-memory.dmp

Filesize
60KB

Download