18cd0d73406ced250fdffb5a509d5020e3620cc8148597077725164c796830f6

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 11:52

Target

c5cf6f035c0c71a9d418f6125634ff96.dll
Size

510KB
MD5

c5cf6f035c0c71a9d418f6125634ff96
SHA1

dd0905c6ae2873862c5d27339f98c64f881de04a
SHA256

18cd0d73406ced250fdffb5a509d5020e3620cc8148597077725164c796830f6
SHA512

ca72a8ab847a1c42641f0b93d5c2ff2a3c0315e8d3724fc159027346a4c462d1a4f8c2389df0d9e310f8995fa26a1131d691f22cf94a7e8f936a6ec9ead32eb9
SSDEEP

12288:8igdX9wIPeC+ieBfFKSr8Qf4VDRC2mwEqC246FiSup:rgdX9wIDEKS34nblCggSe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3040	2196	WerFault.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2196	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2196	2352	rundll32.exe	28
PID 2352 wrote to memory of 2196	2352	rundll32.exe	28
PID 2352 wrote to memory of 2196	2352	rundll32.exe	28
PID 2352 wrote to memory of 2196	2352	rundll32.exe	28
PID 2352 wrote to memory of 2196	2352	rundll32.exe	28
PID 2352 wrote to memory of 2196	2352	rundll32.exe	28
PID 2352 wrote to memory of 2196	2352	rundll32.exe	28
PID 2196 wrote to memory of 3040	2196	rundll32.exe	29
PID 2196 wrote to memory of 3040	2196	rundll32.exe	29
PID 2196 wrote to memory of 3040	2196	rundll32.exe	29
PID 2196 wrote to memory of 3040	2196	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5cf6f035c0c71a9d418f6125634ff96.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5cf6f035c0c71a9d418f6125634ff96.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 268
    3⤵
    - Program crash
    PID:3040

memory/2196-0-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2196-1-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2196-3-0x0000000000680000-0x00000000006AF000-memory.dmp

Filesize
188KB

Download
memory/2196-2-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2196-5-0x0000000000680000-0x00000000006AF000-memory.dmp

Filesize
188KB

Download
memory/2196-4-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2196-8-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2196-7-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2196-6-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2196-9-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2196-10-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2196-12-0x0000000000680000-0x00000000006AF000-memory.dmp

Filesize
188KB

Download