5b069730bc71742f5cd858ba10123286819b7c3065a7be7e646693f043cc6469

Analysis

max time kernel
20s
max time network
2s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 09:33

Target

5b069730bc71742f5cd858ba10123286819b7c3065a7be7e646693f043cc6469.dll
Size

60KB
MD5

6bd43793d7c3bd9fb314e5b18dc52938
SHA1

b3fc22ce03b4c63d4201cc9842bb5be025319b75
SHA256

5b069730bc71742f5cd858ba10123286819b7c3065a7be7e646693f043cc6469
SHA512

53b063a243864523100351636c76e358b4b54ac24a1b73dfcc1433a0038039301f518556bb6fee846d97a6ff50684867dcf816e42b61296e52a888bf47561dec
SSDEEP

1536:JpcvBq2h8vA6RT1KsApfG5Q3UNkWlO6EbOKJrNhJc62ZxC:Jp+hL0TkPMQEpl4OKtNhxQxC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4844	3080	WerFault.exe	77

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 3080	2876	rundll32.exe	77
PID 2876 wrote to memory of 3080	2876	rundll32.exe	77
PID 2876 wrote to memory of 3080	2876	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b069730bc71742f5cd858ba10123286819b7c3065a7be7e646693f043cc6469.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b069730bc71742f5cd858ba10123286819b7c3065a7be7e646693f043cc6469.dll,#1
  2⤵
  PID:3080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 544
    3⤵
    - Program crash
    PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3080 -ip 3080
1⤵
PID:4228

memory/3080-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download