260e25ef0c69082fa9e203b038d99d1b8529422d0f22438d60a27f951fc630f9

Analysis

max time kernel
87s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 09:34

Target

260e25ef0c69082fa9e203b038d99d1b8529422d0f22438d60a27f951fc630f9.dll
Size

52KB
MD5

48ea11aa0132b10edd99702badaa1449
SHA1

48d2ab85e1fe62850a734ac38c7695e9dae6e87c
SHA256

260e25ef0c69082fa9e203b038d99d1b8529422d0f22438d60a27f951fc630f9
SHA512

bafd9a27f31355146fc59ee63a088049e47a891783d75fed98851cecebf489aae3e5a126171d34b3abe85d721de16c54e5796e952fc468b704cbd2eae8b4af97
SSDEEP

1536:uwoq+LsVXPTtDah1wUUQ9USM9jCLu3Rc4482ydpfr:hN+oVXwUQuSM9jCLuTY8pfr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5084	3052	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 3052	2800	rundll32.exe	83
PID 2800 wrote to memory of 3052	2800	rundll32.exe	83
PID 2800 wrote to memory of 3052	2800	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\260e25ef0c69082fa9e203b038d99d1b8529422d0f22438d60a27f951fc630f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\260e25ef0c69082fa9e203b038d99d1b8529422d0f22438d60a27f951fc630f9.dll,#1
  2⤵
  PID:3052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 560
    3⤵
    - Program crash
    PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3052 -ip 3052
1⤵
PID:4640

memory/3052-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download