c24ec9593eff0afa82206827d72ccc628a87a7e0b7ada3d1cdbcefc51a1a47df

Analysis

max time kernel
83s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 06:28

Target

c24ec9593eff0afa82206827d72ccc628a87a7e0b7ada3d1cdbcefc51a1a47df.dll
Size

112KB
MD5

02678e157a9514796c7171f942b32857
SHA1

74b90372fa5be6df4cedcace5a8f817b5299208a
SHA256

c24ec9593eff0afa82206827d72ccc628a87a7e0b7ada3d1cdbcefc51a1a47df
SHA512

c2079c0e188af6b4fb9fa6f8bdc92cb9258f54920cdf2f81d776137db0a74e1c8447e16a486549f72fa9e9fe8794e8880795cdd344de14a965095c8946cb7914
SSDEEP

3072:+gAG47YsyLGiB4Xu8Q5ddAPbbcSezwU861IY:+gA7YsyyZe4PcVwFu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3200	2432	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 2432	4872	rundll32.exe	83
PID 4872 wrote to memory of 2432	4872	rundll32.exe	83
PID 4872 wrote to memory of 2432	4872	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c24ec9593eff0afa82206827d72ccc628a87a7e0b7ada3d1cdbcefc51a1a47df.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c24ec9593eff0afa82206827d72ccc628a87a7e0b7ada3d1cdbcefc51a1a47df.dll,#1
  2⤵
  PID:2432
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 636
    3⤵
    - Program crash
    PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2432 -ip 2432
1⤵
PID:1296

memory/2432-133-0x00000000005D0000-0x00000000005F5000-memory.dmp

Filesize
148KB

Download