7869aefd04fc720314984ac0d887078d001baf7f8c880369dcedbaee0ede9e3f

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07-07-2024 22:04

Target

Setup_new/msvcp140.dll
Size

436KB
MD5

3e992e3412b8067cd215b52e6f906b1a
SHA1

4aaff9d969d558d355954131b88b1c250aed5d15
SHA256

c3838cb309a101ca41064358ac65010610064f12aa3d341ea15c4b95e8d525c6
SHA512

b2c92e710c65cfa2ca4a1fd7da9bfee521e450a63ac9070a8524c2f3abfb9ebf06b6567d650c7c69e2ec2066057b61ee4f1bf39ef6ff66e483c1b445883834f9
SSDEEP

12288:eGPa9C9VbL+3Omy5CvyOvzeOKQqhUgiW6QR7t5s03Ooc8dHkC2esGbWg:eGPa90Vbky5CvyUeOKW03Ooc8dHkC2eP

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
2560	3056	WerFault.exe	29

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	Process	procid_target
PID 2512 wrote to memory of 3056	2512	rundll32.exe	29
PID 2512 wrote to memory of 3056	2512	rundll32.exe	29
PID 2512 wrote to memory of 3056	2512	rundll32.exe	29
PID 2512 wrote to memory of 3056	2512	rundll32.exe	29
PID 2512 wrote to memory of 3056	2512	rundll32.exe	29
PID 2512 wrote to memory of 3056	2512	rundll32.exe	29
PID 2512 wrote to memory of 3056	2512	rundll32.exe	29
PID 3056 wrote to memory of 2560	3056	rundll32.exe	30
PID 3056 wrote to memory of 2560	3056	rundll32.exe	30
PID 3056 wrote to memory of 2560	3056	rundll32.exe	30
PID 3056 wrote to memory of 2560	3056	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Setup_new\msvcp140.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Setup_new\msvcp140.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 220
    3⤵
    - Program crash
    PID:2560