bdaa68c205c48d9aba0f2fd9149a2b18d980b79d2ba0b79522d67fa86729c76f

Analysis

max time kernel
119s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 09:49

Target

cb18f18d4299584426a0fe3b19903ea5.dll
Size

3.4MB
MD5

cb18f18d4299584426a0fe3b19903ea5
SHA1

4934f0d2848c257d4b7e80a462cf50bda2ecaa93
SHA256

bdaa68c205c48d9aba0f2fd9149a2b18d980b79d2ba0b79522d67fa86729c76f
SHA512

3ff4c08892f74d2e95f67483d46506a4182654a30a2fe76719b82d4774a5b7a9a120c9cab80e25037217e33c50f086077b7bbe958f412082e2aafa5d756521bc
SSDEEP

49152:WVwEWxNIjbKKMVwEWxNIjbKKKKMVwEWxNIj:HEWxmEWxIEWx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1948	2120	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2120	1972	rundll32.exe	28
PID 1972 wrote to memory of 2120	1972	rundll32.exe	28
PID 1972 wrote to memory of 2120	1972	rundll32.exe	28
PID 1972 wrote to memory of 2120	1972	rundll32.exe	28
PID 1972 wrote to memory of 2120	1972	rundll32.exe	28
PID 1972 wrote to memory of 2120	1972	rundll32.exe	28
PID 1972 wrote to memory of 2120	1972	rundll32.exe	28
PID 2120 wrote to memory of 1948	2120	rundll32.exe	29
PID 2120 wrote to memory of 1948	2120	rundll32.exe	29
PID 2120 wrote to memory of 1948	2120	rundll32.exe	29
PID 2120 wrote to memory of 1948	2120	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb18f18d4299584426a0fe3b19903ea5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb18f18d4299584426a0fe3b19903ea5.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 224
    3⤵
    - Program crash
    PID:1948