75ec3f2db4ab24cb7d76f600b7d0c422f1e7ad9bdbddbc7383bf442232c0ef26

Analysis

max time kernel
141s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 09:25

Target

75ec3f2db4ab24cb7d76f600b7d0c422f1e7ad9bdbddbc7383bf442232c0ef26.dll
Size

315KB
MD5

7111661bb25a95fde0fa3e639da69beb
SHA1

e9fe547a1af50b05a3f31015568f2178ce5240c3
SHA256

75ec3f2db4ab24cb7d76f600b7d0c422f1e7ad9bdbddbc7383bf442232c0ef26
SHA512

b56605f902c3967d91b1390b5e8e37fc9d6bedd7a532a31d79fd3d62f0fc787eb4a75878d0b1f935c3432adb372bf1e47fbf9992f454fff08f1e288fe3b9f1f1
SSDEEP

6144:Cgo2cmVLxDlIUlxXj6kxm+31odUT23mlAxfBZ9ef25fX3aw8q:Cg9dLhl15oma5xZvTP3Qq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4312	2868	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 2868	3472	rundll32.exe	79
PID 3472 wrote to memory of 2868	3472	rundll32.exe	79
PID 3472 wrote to memory of 2868	3472	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75ec3f2db4ab24cb7d76f600b7d0c422f1e7ad9bdbddbc7383bf442232c0ef26.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\75ec3f2db4ab24cb7d76f600b7d0c422f1e7ad9bdbddbc7383bf442232c0ef26.dll,#1
  2⤵
  PID:2868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 548
    3⤵
    - Program crash
    PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2868 -ip 2868
1⤵
PID:5004

memory/2868-133-0x0000000010000000-0x000000001009D000-memory.dmp

Filesize
628KB

Download