02d2d004f30e2022c652cb1e92b92ed5326cb5d0c49a3983bdcb480ae6012fe9

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 18:18

Target

b80f7658ffb704350faf5060b1d92d66.dll
Size

424KB
MD5

b80f7658ffb704350faf5060b1d92d66
SHA1

2ad9d0776d0e38c306af1d40660045b1a98a8f04
SHA256

02d2d004f30e2022c652cb1e92b92ed5326cb5d0c49a3983bdcb480ae6012fe9
SHA512

61d95373a6d46c36e35b4f32d412440f54c9eecbaf04d596cd3da9b9144b0470588c241199ad2e08bd423d955e0a68ff7ee113bfcce9d82f759dc6dcc1709d1d
SSDEEP

6144:vl9XgnzxOP/sFR2h+9q1kih6ibUxrp3/vIyR5fih8JRmlM+9ZldLIsIyNk2uu6:vlCzcMg+9YkDiQ3/Q8Jud9f9jhuT

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2696	rundll32mgr.exe

Loads dropped DLL 11 IoCs

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2536	2696	WerFault.exe	29
2548	2104	WerFault.exe	28

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2104 wrote to memory of 2696	2104	rundll32.exe	29
PID 2104 wrote to memory of 2696	2104	rundll32.exe	29
PID 2104 wrote to memory of 2696	2104	rundll32.exe	29
PID 2104 wrote to memory of 2696	2104	rundll32.exe	29
PID 2104 wrote to memory of 2548	2104	rundll32.exe	30
PID 2104 wrote to memory of 2548	2104	rundll32.exe	30
PID 2104 wrote to memory of 2548	2104	rundll32.exe	30
PID 2104 wrote to memory of 2548	2104	rundll32.exe	30
PID 2696 wrote to memory of 2536	2696	rundll32mgr.exe	31
PID 2696 wrote to memory of 2536	2696	rundll32mgr.exe	31
PID 2696 wrote to memory of 2536	2696	rundll32mgr.exe	31
PID 2696 wrote to memory of 2536	2696	rundll32mgr.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b80f7658ffb704350faf5060b1d92d66.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b80f7658ffb704350faf5060b1d92d66.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 156
      4⤵
      Loads dropped DLL
      Program crash
      PID:2536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 228
    3⤵
    - Program crash
    PID:2548

\Windows\SysWOW64\rundll32mgr.exe

Filesize
187KB

MD5
27fdabf7c440551ce0d41832bb40e0e4

SHA1
c3a6f07789562c1edbea44197a3f6cb3f6d345c9

SHA256
52f26137f9a813c374e5bca7ae97f2f31c1f8084276944fdc5e97df7a69a86c4

SHA512
4c13cfe5ed6741933d83ba0af39bd9cc544033328fe015b5ec1f1eff358e54764814f60085c0b4528034e2e8ab2f94694e186b27d9e66e42e01391ba20f38df5

Download Submit
memory/2104-0-0x0000000074E30000-0x0000000074E9A000-memory.dmp

Filesize
424KB

Download
memory/2104-1-0x0000000074DC0000-0x0000000074E2A000-memory.dmp

Filesize
424KB

Download
memory/2104-5-0x0000000074DC0000-0x0000000074E2A000-memory.dmp

Filesize
424KB

Download
memory/2104-4-0x0000000074E30000-0x0000000074E9A000-memory.dmp

Filesize
424KB

Download
memory/2104-6-0x0000000000190000-0x00000000001CF000-memory.dmp

Filesize
252KB

Download
memory/2104-13-0x0000000000190000-0x00000000001CF000-memory.dmp

Filesize
252KB

Download
memory/2696-14-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download