1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 14:24

Target

1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41.dll
Size

218KB
MD5

12f569ef433933aa962930face9d86d5
SHA1

121a28c2b987756916acb5b2ff3bcf1f678e9156
SHA256

1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41
SHA512

4e4cff47d92cdb7a17eb77dedad7a664fba125866a723ba7739161d093565e3ad2a32221e7ee0fea838cbb03bb868c5e9694c613583a5c7018c8b8554a7aaf52
SSDEEP

3072:4fyTFpiSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUh5zoBS:4flD4ktiD8UI8I66C+6AsXnifujR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2912	2860	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2860	2064	rundll32.exe	28
PID 2064 wrote to memory of 2860	2064	rundll32.exe	28
PID 2064 wrote to memory of 2860	2064	rundll32.exe	28
PID 2064 wrote to memory of 2860	2064	rundll32.exe	28
PID 2064 wrote to memory of 2860	2064	rundll32.exe	28
PID 2064 wrote to memory of 2860	2064	rundll32.exe	28
PID 2064 wrote to memory of 2860	2064	rundll32.exe	28
PID 2860 wrote to memory of 2912	2860	rundll32.exe	29
PID 2860 wrote to memory of 2912	2860	rundll32.exe	29
PID 2860 wrote to memory of 2912	2860	rundll32.exe	29
PID 2860 wrote to memory of 2912	2860	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 228
    3⤵
    - Program crash
    PID:2912