ef590fb7dddd31987f897b3b859062b772111cf3f99c85f43c73c707b5ac665c

Analysis

max time kernel
86s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2022 22:44

Target

ef590fb7dddd31987f897b3b859062b772111cf3f99c85f43c73c707b5ac665c.dll
Size

16KB
MD5

7eee6e2d8e858442154ae93d19272260
SHA1

6d545017edcc07f67e4be5df0d344429f12430d0
SHA256

ef590fb7dddd31987f897b3b859062b772111cf3f99c85f43c73c707b5ac665c
SHA512

949de2221dfb26e29669b0906434f4471c42c431bebf53223c1dc324e0431fc1f420b50d93ab96f7e1c897e425cf6e321fe5d1cee6c987f8c1eb380be17e053e
SSDEEP

192:nioQ61A/0LiQxqfKD6VkagfWhiQ7SMrZ4l96wCfQFinJcwnHNj70MECIsCvQjcWF:Mx0iQxqslQmT9qYFKcsJqvAzel/m

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4496	4576	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 4576	4216	rundll32.exe	80
PID 4216 wrote to memory of 4576	4216	rundll32.exe	80
PID 4216 wrote to memory of 4576	4216	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef590fb7dddd31987f897b3b859062b772111cf3f99c85f43c73c707b5ac665c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef590fb7dddd31987f897b3b859062b772111cf3f99c85f43c73c707b5ac665c.dll,#1
  2⤵
  PID:4576
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 576
    3⤵
    - Program crash
    PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4576 -ip 4576
1⤵
PID:1948

memory/4576-132-0x0000000000000000-mapping.dmp

Download
memory/4576-133-0x0000000000541000-0x0000000000544000-memory.dmp

Filesize
12KB

Download