0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 20:56

Target

0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4.dll
Size

498KB
MD5

68424fe8e0f3e71ab3b0fef45da6f070
SHA1

f3a1cc5f085fcba5a9de34c24fca61f92cab9946
SHA256

0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4
SHA512

3a997b22c402649919ba81225b9cad502809a13424e517c16d61d819c6432aef4fbfd2061365594da78e34c26f1eeb2ca8b1876be1379a1cb7bf2a7c9d194582
SSDEEP

12288:xFG4+ezgc8VwxDnBAHj1Oue6CjA8SraLH10F2oKbRtqfDa+BTT4qx9lU:UHj1Ou7d8S4H1ttqfDa+RT4qx9l

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2828 2128 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2828	2128	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2764 wrote to memory of 2128	2764	rundll32.exe	rundll32.exe
PID 2764 wrote to memory of 2128	2764	rundll32.exe	rundll32.exe
PID 2764 wrote to memory of 2128	2764	rundll32.exe	rundll32.exe
PID 2764 wrote to memory of 2128	2764	rundll32.exe	rundll32.exe
PID 2764 wrote to memory of 2128	2764	rundll32.exe	rundll32.exe
PID 2764 wrote to memory of 2128	2764	rundll32.exe	rundll32.exe
PID 2764 wrote to memory of 2128	2764	rundll32.exe	rundll32.exe
PID 2128 wrote to memory of 2828	2128	rundll32.exe	WerFault.exe
PID 2128 wrote to memory of 2828	2128	rundll32.exe	WerFault.exe
PID 2128 wrote to memory of 2828	2128	rundll32.exe	WerFault.exe
PID 2128 wrote to memory of 2828	2128	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2764

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 220
3⤵
- Program crash
PID:2828