11cb7f8845c52e85a2fe7575bed517645dc487bef48efd813a3d9706af8d66cc

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 06:39

Target

9683b083c2edefe697ace9ccf9a2b71d.dll
Size

9KB
MD5

9683b083c2edefe697ace9ccf9a2b71d
SHA1

957bc6676db6fe173dbbb4efa58158da6271982c
SHA256

11cb7f8845c52e85a2fe7575bed517645dc487bef48efd813a3d9706af8d66cc
SHA512

85df9493a2a971547c00505b50389ad89ea63973c7199bf9b95be5df7a9f7eb2a8be4ea0e8c4b3a67720f2124b8d1f003e6c00d680ce6d93f51d40927245f3f4
SSDEEP

192:tEJjqXcbWcwPqtC/KHVy4AwOkHOiP1oyn6AllL:WJqXcbWcwPqk/KHV9oM18Al9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2664	2752	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2752	1252	rundll32.exe	28
PID 1252 wrote to memory of 2752	1252	rundll32.exe	28
PID 1252 wrote to memory of 2752	1252	rundll32.exe	28
PID 1252 wrote to memory of 2752	1252	rundll32.exe	28
PID 1252 wrote to memory of 2752	1252	rundll32.exe	28
PID 1252 wrote to memory of 2752	1252	rundll32.exe	28
PID 1252 wrote to memory of 2752	1252	rundll32.exe	28
PID 2752 wrote to memory of 2664	2752	rundll32.exe	29
PID 2752 wrote to memory of 2664	2752	rundll32.exe	29
PID 2752 wrote to memory of 2664	2752	rundll32.exe	29
PID 2752 wrote to memory of 2664	2752	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9683b083c2edefe697ace9ccf9a2b71d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9683b083c2edefe697ace9ccf9a2b71d.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 232
    3⤵
    - Program crash
    PID:2664