6c6be902fa84e9800aa0b45e465c32ce56e6f6b37f2606fb3b0100561caebe6d

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 06:17

Target

6c6be902fa84e9800aa0b45e465c32ce56e6f6b37f2606fb3b0100561caebe6d.dll
Size

1.1MB
MD5

52abfe4b13b68b18d8ac9e07c7a0db87
SHA1

2a03e0698b0ac2c4c0124280772d7a6411f9c1b2
SHA256

6c6be902fa84e9800aa0b45e465c32ce56e6f6b37f2606fb3b0100561caebe6d
SHA512

9ab989a49757e957fd1f7f498fcf7793a056196aad6b29402e3228ccd33b34e5766998e8350c85bce35f6ef32964f3f53effe80596c9a92be6b1cbc5ebabed58
SSDEEP

24576:RLC8mOFREi+aglVuRckCELMfEBJKVu45wV3WoNimbHruII:rF5tnakTESEuTPJjruII

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2368	2364	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2364	1996	rundll32.exe	28
PID 1996 wrote to memory of 2364	1996	rundll32.exe	28
PID 1996 wrote to memory of 2364	1996	rundll32.exe	28
PID 1996 wrote to memory of 2364	1996	rundll32.exe	28
PID 1996 wrote to memory of 2364	1996	rundll32.exe	28
PID 1996 wrote to memory of 2364	1996	rundll32.exe	28
PID 1996 wrote to memory of 2364	1996	rundll32.exe	28
PID 2364 wrote to memory of 2368	2364	rundll32.exe	29
PID 2364 wrote to memory of 2368	2364	rundll32.exe	29
PID 2364 wrote to memory of 2368	2364	rundll32.exe	29
PID 2364 wrote to memory of 2368	2364	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c6be902fa84e9800aa0b45e465c32ce56e6f6b37f2606fb3b0100561caebe6d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c6be902fa84e9800aa0b45e465c32ce56e6f6b37f2606fb3b0100561caebe6d.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 224
    3⤵
    - Program crash
    PID:2368