ea97909114782fe299ddb05c011d5170ed6f4e42108342601554a3ae1a9cddee

Analysis

max time kernel
120s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 17:40

Target

ea97909114782fe299ddb05c011d5170ed6f4e42108342601554a3ae1a9cddee.dll
Size

256KB
MD5

dcab9b066e9b628f405c8c4a8ff0e209
SHA1

6a4f97ed462ccc3db57b13d9504ef83724f9d69e
SHA256

ea97909114782fe299ddb05c011d5170ed6f4e42108342601554a3ae1a9cddee
SHA512

a957fcca66de1eb1d249de2e8a32a1f786f9c51266059e4fb9d2d66e9e3708a5caedaa465e6b5cc7f639a0d0cc9051a4ccf922637ac454a06dee79d5442e02e8
SSDEEP

6144:o5oel3SgsNqvH5uS2LffI2sspbNtjp19AeU6teI:Ul3SghxRkf9sybNR7iz6t

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4392	2240	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 2240	4948	rundll32.exe	81
PID 4948 wrote to memory of 2240	4948	rundll32.exe	81
PID 4948 wrote to memory of 2240	4948	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea97909114782fe299ddb05c011d5170ed6f4e42108342601554a3ae1a9cddee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea97909114782fe299ddb05c011d5170ed6f4e42108342601554a3ae1a9cddee.dll,#1
  2⤵
  PID:2240
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 592
    3⤵
    - Program crash
    PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2240 -ip 2240
1⤵
PID:1120