52c67ec21477bc99946a6beb325544f173f8d53482cdaa48a43479751ca72007

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 01:57

Target

52c67ec21477bc99946a6beb325544f173f8d53482cdaa48a43479751ca72007.dll
Size

520KB
MD5

789e9ca0cf761fc700375be8df1e76ac
SHA1

21d51e9d649f8cfe50d57617ed78b260ae1d2542
SHA256

52c67ec21477bc99946a6beb325544f173f8d53482cdaa48a43479751ca72007
SHA512

ad9355c7c15a4c7191e31a2d59197d9961b833d3b87aeb528d5a5336315bcf3f6df6e976911b781953adf15afc251fd7d169c310608348bb5ab628361cb46bd3
SSDEEP

6144:ATVIxIMbqmIVOCykm5vRINGQNN12yargJQjQzHHpTbKjYg3d0u9EToiXCYeUCZKZ:kVIx1wykYRIz3cgOMbpT+H3ddbdpZh

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	2120	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3028	2120	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2120	1756	rundll32.exe	28
PID 1756 wrote to memory of 2120	1756	rundll32.exe	28
PID 1756 wrote to memory of 2120	1756	rundll32.exe	28
PID 1756 wrote to memory of 2120	1756	rundll32.exe	28
PID 1756 wrote to memory of 2120	1756	rundll32.exe	28
PID 1756 wrote to memory of 2120	1756	rundll32.exe	28
PID 1756 wrote to memory of 2120	1756	rundll32.exe	28
PID 2120 wrote to memory of 3028	2120	rundll32.exe	29
PID 2120 wrote to memory of 3028	2120	rundll32.exe	29
PID 2120 wrote to memory of 3028	2120	rundll32.exe	29
PID 2120 wrote to memory of 3028	2120	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52c67ec21477bc99946a6beb325544f173f8d53482cdaa48a43479751ca72007.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52c67ec21477bc99946a6beb325544f173f8d53482cdaa48a43479751ca72007.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 228
    3⤵
    - Program crash
    PID:3028