c4026ffeb7f9f7ce2fb079f7cf0341a5c8f2c4297305d6f1653e274c130cca18

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 09:29

Target

91acb3ac8f2732c439a868a0ed3345b0N.dll
Size

48KB
MD5

91acb3ac8f2732c439a868a0ed3345b0
SHA1

1d3b28c4c1491b977cdca236459cc3bab5d93ed8
SHA256

c4026ffeb7f9f7ce2fb079f7cf0341a5c8f2c4297305d6f1653e274c130cca18
SHA512

fcb51f831f9d3f4860086a80e74663e0465dfb11124fd43d41537328b0ba3b3675cad477689ca0b70befdb0a4da2a584c97982a2ae0770a93320fc3002f76206
SSDEEP

768:S3njn3FlxxCWfgi1HMr6LpJhDLSk3/M+b92cBYDB+:Injn3NxnXHtLpJhDLX3/fs9D

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2808	2668	WerFault.exe	31

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2668	2304	rundll32.exe	31
PID 2304 wrote to memory of 2668	2304	rundll32.exe	31
PID 2304 wrote to memory of 2668	2304	rundll32.exe	31
PID 2304 wrote to memory of 2668	2304	rundll32.exe	31
PID 2304 wrote to memory of 2668	2304	rundll32.exe	31
PID 2304 wrote to memory of 2668	2304	rundll32.exe	31
PID 2304 wrote to memory of 2668	2304	rundll32.exe	31
PID 2668 wrote to memory of 2808	2668	rundll32.exe	32
PID 2668 wrote to memory of 2808	2668	rundll32.exe	32
PID 2668 wrote to memory of 2808	2668	rundll32.exe	32
PID 2668 wrote to memory of 2808	2668	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\91acb3ac8f2732c439a868a0ed3345b0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\91acb3ac8f2732c439a868a0ed3345b0N.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 264
    3⤵
    - Program crash
    PID:2808