0eefbe7df23550ecf801cd4759af6bf4bdd95601034f7d4447237f8fa7dd4aa5

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 09:34

Target

0eefbe7df23550ecf801cd4759af6bf4bdd95601034f7d4447237f8fa7dd4aa5.dll
Size

61KB
MD5

bcd5622789f59ceb74f7fb6e5b1ed159
SHA1

c1981a10073fcb665584cf40fdc68245ac891ba2
SHA256

0eefbe7df23550ecf801cd4759af6bf4bdd95601034f7d4447237f8fa7dd4aa5
SHA512

fff575d66cd8d2d348b4e66169cd7889a7fc46539b6421fac4f24924c14b43c05face38ceb32f2e547f66601c75df15e07804597c9f216f1397180cc4c083cd6
SSDEEP

768:XWOMVp+mGUUUqMbG8ucO3vx4TYMx8lvJ5TT7I9lG8FnToIf1dFvqZPt5t1k:GfVQMSz32nx8lvHI9tFnToIfnuf1k

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rundll32.exe.xxt	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1040	2220	WerFault.exe	30

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2220	2236	rundll32.exe	30
PID 2236 wrote to memory of 2220	2236	rundll32.exe	30
PID 2236 wrote to memory of 2220	2236	rundll32.exe	30
PID 2236 wrote to memory of 2220	2236	rundll32.exe	30
PID 2236 wrote to memory of 2220	2236	rundll32.exe	30
PID 2236 wrote to memory of 2220	2236	rundll32.exe	30
PID 2236 wrote to memory of 2220	2236	rundll32.exe	30
PID 2220 wrote to memory of 1040	2220	rundll32.exe	31
PID 2220 wrote to memory of 1040	2220	rundll32.exe	31
PID 2220 wrote to memory of 1040	2220	rundll32.exe	31
PID 2220 wrote to memory of 1040	2220	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0eefbe7df23550ecf801cd4759af6bf4bdd95601034f7d4447237f8fa7dd4aa5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0eefbe7df23550ecf801cd4759af6bf4bdd95601034f7d4447237f8fa7dd4aa5.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 252
    3⤵
    - Program crash
    PID:1040