858c4b6b7b063761aa1abb7ba864cf1ac1109e718b6fe55534cba2c66ecff2d6

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 06:53

Target

7f2dcdeb2663c2df7f8d8c3ccc6c2f3e.dll
Size

393KB
MD5

7f2dcdeb2663c2df7f8d8c3ccc6c2f3e
SHA1

23fdc2c88d74d1113f99def118b018f9e0ae4877
SHA256

858c4b6b7b063761aa1abb7ba864cf1ac1109e718b6fe55534cba2c66ecff2d6
SHA512

44960299d6e5357aadb45678c7e776c2aef956a02487afb6b20016ce01bbc1c6c33c3e454400e6946ef444adf2431c3484b02e75c8bd4b5103769d87cdd3456a
SSDEEP

6144:lpZUelTCjz+barYXiVvLAhvuC60LUGSNmbbEFKaA6F2fq5KcAO8nNnerQ73wg1B5:lvUeOrYX20hWAYTNFE+2CD6NneMwg1B5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2900	2092	WerFault.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2092	2492	rundll32.exe	2
PID 2492 wrote to memory of 2092	2492	rundll32.exe	2
PID 2492 wrote to memory of 2092	2492	rundll32.exe	2
PID 2492 wrote to memory of 2092	2492	rundll32.exe	2
PID 2492 wrote to memory of 2092	2492	rundll32.exe	2
PID 2492 wrote to memory of 2092	2492	rundll32.exe	2
PID 2492 wrote to memory of 2092	2492	rundll32.exe	2
PID 2092 wrote to memory of 2900	2092	rundll32.exe	1
PID 2092 wrote to memory of 2900	2092	rundll32.exe	1
PID 2092 wrote to memory of 2900	2092	rundll32.exe	1
PID 2092 wrote to memory of 2900	2092	rundll32.exe	1

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 304
1⤵
- Program crash
PID:2900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f2dcdeb2663c2df7f8d8c3ccc6c2f3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2092

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f2dcdeb2663c2df7f8d8c3ccc6c2f3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2492