2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 19:17

Target

2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4.dll
Size

205KB
MD5

8b994526c2d3405eea11bb7f2bdea1d1
SHA1

5109a133db7f8a6e4761e08b930eb70abecf603e
SHA256

2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4
SHA512

8b04dd06ef889fb6d4cdeaf7419db4510b8592d28073b1fbdbd6082809701f208fe82b3e2ff32bf60a38f58deac9195f4ac475c3908879d307858a2f0dc5c96f
SSDEEP

3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUakD5bf:0/MEfuN0t8C5oFsoeRM3o0jG9

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2852 2540 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2852	2540	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2976 wrote to memory of 2540	2976	rundll32.exe	rundll32.exe
PID 2976 wrote to memory of 2540	2976	rundll32.exe	rundll32.exe
PID 2976 wrote to memory of 2540	2976	rundll32.exe	rundll32.exe
PID 2976 wrote to memory of 2540	2976	rundll32.exe	rundll32.exe
PID 2976 wrote to memory of 2540	2976	rundll32.exe	rundll32.exe
PID 2976 wrote to memory of 2540	2976	rundll32.exe	rundll32.exe
PID 2976 wrote to memory of 2540	2976	rundll32.exe	rundll32.exe
PID 2540 wrote to memory of 2852	2540	rundll32.exe	WerFault.exe
PID 2540 wrote to memory of 2852	2540	rundll32.exe	WerFault.exe
PID 2540 wrote to memory of 2852	2540	rundll32.exe	WerFault.exe
PID 2540 wrote to memory of 2852	2540	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 228
3⤵
- Program crash
PID:2852