50fc6453d71d9c237442d982f7ab43d1565ac5159d0167b30728a227707678ec

Analysis

max time kernel
91s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2022, 10:29

Target

50fc6453d71d9c237442d982f7ab43d1565ac5159d0167b30728a227707678ec.dll
Size

372KB
MD5

cde08ea519ef8c98dba252b9eb0b8697
SHA1

0711f3da017f740a784fe1da30f760ca1f351500
SHA256

50fc6453d71d9c237442d982f7ab43d1565ac5159d0167b30728a227707678ec
SHA512

9ededa2f8ef55445fd635a905183caad54ae7de008f46ddba418a7253640eaf24c90e3d11938c709b4e872dd7ecc31fce680ce1674b1b30c74fb6b0f0e2a0eba
SSDEEP

6144:exlbUnDqwvD9Buid1qPRc4A5y2POJH2tDObNRFzRIOXteOuJ+QVkl:KUDqwvDL064EygKH24Fz2i2JY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1140	4432	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 4432	3916	rundll32.exe	79
PID 3916 wrote to memory of 4432	3916	rundll32.exe	79
PID 3916 wrote to memory of 4432	3916	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50fc6453d71d9c237442d982f7ab43d1565ac5159d0167b30728a227707678ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\50fc6453d71d9c237442d982f7ab43d1565ac5159d0167b30728a227707678ec.dll,#1
  2⤵
  PID:4432
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 636
    3⤵
    - Program crash
    PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4432 -ip 4432
1⤵
PID:2804