cbbc3d1ac4ed991f08c7e9f4e78e847a8cfb0a4dec79bea78a11367ff2541d2d

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 08:47

Target

79cabec3a0bf3f190e436ae836213a73.dll
Size

40KB
MD5

79cabec3a0bf3f190e436ae836213a73
SHA1

09cb7c792e6a52d4519b8d205ae6091d5376c89d
SHA256

cbbc3d1ac4ed991f08c7e9f4e78e847a8cfb0a4dec79bea78a11367ff2541d2d
SHA512

907f8f5db123cc6e56bd6a5274e46022284ff7ff7c586866640fd3063a46de0a4fcb00f34dcc32c4ab6329a36dbe70f24b444ae138936a60583cd3ebf8c376f4
SSDEEP

384:s5L253Bx22U0EU3OnR78Q+vOu8kBsCcHSs3nRkh5siLz1zngE00Qc2MzrXOD:s5L2TQ2cR9+vjsXRa5skhrRPrXO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2320	2044	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2044	2420	rundll32.exe	28
PID 2420 wrote to memory of 2044	2420	rundll32.exe	28
PID 2420 wrote to memory of 2044	2420	rundll32.exe	28
PID 2420 wrote to memory of 2044	2420	rundll32.exe	28
PID 2420 wrote to memory of 2044	2420	rundll32.exe	28
PID 2420 wrote to memory of 2044	2420	rundll32.exe	28
PID 2420 wrote to memory of 2044	2420	rundll32.exe	28
PID 2044 wrote to memory of 2320	2044	rundll32.exe	29
PID 2044 wrote to memory of 2320	2044	rundll32.exe	29
PID 2044 wrote to memory of 2320	2044	rundll32.exe	29
PID 2044 wrote to memory of 2320	2044	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79cabec3a0bf3f190e436ae836213a73.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79cabec3a0bf3f190e436ae836213a73.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 228
    3⤵
    - Program crash
    PID:2320