029bc1f85ddefd69e655090883b26695e0a4e455ae98b99a7552e2b0c5372049

Analysis

max time kernel
92s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 23:39

Target

029bc1f85ddefd69e655090883b26695e0a4e455ae98b99a7552e2b0c5372049.dll
Size

349KB
MD5

4a099757469c2ff27e08705adcd8e681
SHA1

560edf87242881aed6a0f59a8483b9c61a7facca
SHA256

029bc1f85ddefd69e655090883b26695e0a4e455ae98b99a7552e2b0c5372049
SHA512

89af555f17a3f06f07abffa11949e7e374fb33b65ad7a5e577ece4953b0be0efbbbbdb50feabba90512c42ce3a08cba9c2480f2f3ea702c7c70ffa23abb12599
SSDEEP

1536:25ZgXVeaj3rXAyUk2a2kNaULjKJW5u9NSal3NOD///uXXfOWVUtk:25ZgXVMfLGaSeJWUUaROHk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
808	3504	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 3504	1616	rundll32.exe	81
PID 1616 wrote to memory of 3504	1616	rundll32.exe	81
PID 1616 wrote to memory of 3504	1616	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\029bc1f85ddefd69e655090883b26695e0a4e455ae98b99a7552e2b0c5372049.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\029bc1f85ddefd69e655090883b26695e0a4e455ae98b99a7552e2b0c5372049.dll,#1
  2⤵
  PID:3504
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 632
    3⤵
    - Program crash
    PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3504 -ip 3504
1⤵
PID:4892

memory/3504-133-0x0000000017DF0000-0x0000000017ED0000-memory.dmp

Filesize
896KB

Download
memory/3504-134-0x0000000017DF0000-0x0000000017ED0000-memory.dmp

Filesize
896KB

Download