efa0d4a79c4c971c680ef8020bb526b07a13061f4eb68ee6f5af9e42c6364bd8

Resubmissions

18-03-2022 14:51

17-03-2022 16:15

Target

efa0d4a79c4c971c680ef8020bb526b07a13061f4eb68ee6f5af9e42c6364bd8.dll
Size

1.1MB
MD5

9f9c2bdf45f6a9940555fd1f009701ac
SHA1

bd5b31a61969f10bada83618b27af8f3edf1cfc4
SHA256

efa0d4a79c4c971c680ef8020bb526b07a13061f4eb68ee6f5af9e42c6364bd8
SHA512

afaad1c71f2fd02b9c4641f640a0d39f07a4578b3f2f598be8626345eccde46290335e3c1fbc46a9c68a84640f8da012bc84c957b049f051860d4c0058007443

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1492	2164	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 2164	4616	rundll32.exe	82
PID 4616 wrote to memory of 2164	4616	rundll32.exe	82
PID 4616 wrote to memory of 2164	4616	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\efa0d4a79c4c971c680ef8020bb526b07a13061f4eb68ee6f5af9e42c6364bd8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\efa0d4a79c4c971c680ef8020bb526b07a13061f4eb68ee6f5af9e42c6364bd8.dll,#1
  2⤵
  PID:2164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 620
    3⤵
    - Program crash
    PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2164 -ip 2164
1⤵
PID:4688

memory/2164-134-0x0000000000F10000-0x0000000000F45000-memory.dmp

Filesize
212KB

Download
memory/2164-135-0x0000000002B70000-0x0000000002BA3000-memory.dmp

Filesize
204KB

Download