365cf2a8738e55585d84b70aa2802bd30c3e22e560f5fb9ab38cde9ab1d45bce

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 23:28

Target

windows.dll
Size

30KB
MD5

62456b6cbdb93b6f1458469d90c57e2c
SHA1

aee316ef1f6e14e839dd3ce4ef6e4dcd0dacc4c9
SHA256

445d74478a92117eb400ea0c41e8a90f91e44401b1b28536cd5bb8087572ed3f
SHA512

29331e7da090c9824d67db0a7c62099f3ca97e927d7ffda51237d785dadaf6c21875e98c6e404bb1f9a91382857fcd3ca57c504dc5fb5e5f6f9019cf3fcc732f
SSDEEP

384:klI3/3KtV9iTPyYpdj0MzM9vhI9o0dXVFxcnLsL4lVWHJ78eQVHuGkV3sh2XjtCo:0IStEp+qlXdca4lUJ74u1VcsXRnZuK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2216	2544	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2544	2028	rundll32.exe	28
PID 2028 wrote to memory of 2544	2028	rundll32.exe	28
PID 2028 wrote to memory of 2544	2028	rundll32.exe	28
PID 2028 wrote to memory of 2544	2028	rundll32.exe	28
PID 2028 wrote to memory of 2544	2028	rundll32.exe	28
PID 2028 wrote to memory of 2544	2028	rundll32.exe	28
PID 2028 wrote to memory of 2544	2028	rundll32.exe	28
PID 2544 wrote to memory of 2216	2544	rundll32.exe	29
PID 2544 wrote to memory of 2216	2544	rundll32.exe	29
PID 2544 wrote to memory of 2216	2544	rundll32.exe	29
PID 2544 wrote to memory of 2216	2544	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\windows.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\windows.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 228
    3⤵
    - Program crash
    PID:2216