35eca44a8516f6e7354f245c6029ad766dfd74a94f3287a233477a22b250c834

Analysis

max time kernel
143s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 16:40

Target

35eca44a8516f6e7354f245c6029ad766dfd74a94f3287a233477a22b250c834.dll
Size

4.2MB
MD5

9c5fc32466ce3cbbf1fc28241bcace16
SHA1

e2862b204a63d61af3c6d3ded3dea6ca7ba47a63
SHA256

35eca44a8516f6e7354f245c6029ad766dfd74a94f3287a233477a22b250c834
SHA512

637506e50abdd04795610b358a2cf72e0580eeb46706942e2ae2d1cfc442f098c589959edf483f2ef911c3ec996763f1ba4c595c23d4205fd5ed5f9e149e2e78
SSDEEP

49152:AGq1SZZLP9l968KSDXr+ktOHh9oJEv9PDsx2ndPwqFELm/XcCGfTETwmA93:tq1mKQwHh9PPDsxAP+LOm9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2908	3032	WerFault.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 3032	3016	rundll32.exe	2
PID 3016 wrote to memory of 3032	3016	rundll32.exe	2
PID 3016 wrote to memory of 3032	3016	rundll32.exe	2
PID 3016 wrote to memory of 3032	3016	rundll32.exe	2
PID 3016 wrote to memory of 3032	3016	rundll32.exe	2
PID 3016 wrote to memory of 3032	3016	rundll32.exe	2
PID 3016 wrote to memory of 3032	3016	rundll32.exe	2
PID 3032 wrote to memory of 2908	3032	rundll32.exe	1
PID 3032 wrote to memory of 2908	3032	rundll32.exe	1
PID 3032 wrote to memory of 2908	3032	rundll32.exe	1
PID 3032 wrote to memory of 2908	3032	rundll32.exe	1

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 352
1⤵
- Program crash
PID:2908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35eca44a8516f6e7354f245c6029ad766dfd74a94f3287a233477a22b250c834.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3032

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35eca44a8516f6e7354f245c6029ad766dfd74a94f3287a233477a22b250c834.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016

memory/3032-0-0x0000000000950000-0x0000000000D90000-memory.dmp

Filesize
4.2MB

Download
memory/3032-2-0x0000000000950000-0x0000000000D90000-memory.dmp

Filesize
4.2MB

Download