e7bbf1217c3d34b83118e195061dd2cee8821a26bdc96621dd434d00d337ca49

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 22:02

Target

e7bbf1217c3d34b83118e195061dd2cee8821a26bdc96621dd434d00d337ca49.dll
Size

20KB
MD5

359b691af88a563edcc7455ae52bbd32
SHA1

4c696843b159811cac20b827bfb01872fc949d92
SHA256

e7bbf1217c3d34b83118e195061dd2cee8821a26bdc96621dd434d00d337ca49
SHA512

89553fb4f9d91ea6265889b04409d3094019d3abfdc5d2ca85f18b5e3ff39146ce5b0d07f4a41699ee9d7eae03f77360af626cf573b7f55e52d647977449ff8f
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0XplGCAu8UaWHuqaTlX0wG:zfYh2oCtpXPGx2OqaewG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2996	3480	WerFault.exe	34

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3480	rundll32.exe
3480	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 3480	5072	rundll32.exe	34
PID 5072 wrote to memory of 3480	5072	rundll32.exe	34
PID 5072 wrote to memory of 3480	5072	rundll32.exe	34

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7bbf1217c3d34b83118e195061dd2cee8821a26bdc96621dd434d00d337ca49.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7bbf1217c3d34b83118e195061dd2cee8821a26bdc96621dd434d00d337ca49.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 624
    3⤵
    - Program crash
    PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3480 -ip 3480
1⤵
PID:828