cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6

Analysis

max time kernel
137s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 12:14

Target

cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6.dll
Size

507KB
MD5

67e9c80dc1bc31549fbde95e082ec522
SHA1

589a0511a3fbdb2556d09941e2e3839a3ae1fef5
SHA256

cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6
SHA512

1ef0e9ea7be3e88e1a78e8afda3ee37c9011d433b669b26e42451173b94eff32017dcd2acc1df6e5c5236d2e97a9a478a6e0e43b29558bc02cfe765fc977841f
SSDEEP

12288:0MwVOnc2oPKebOm9J1s3TzhxQBNDnh3lINEKWA2:G0c24haEs3BuBNDnZihr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4820	376	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 376	5092	rundll32.exe	81
PID 5092 wrote to memory of 376	5092	rundll32.exe	81
PID 5092 wrote to memory of 376	5092	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6.dll,#1
  2⤵
  PID:376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 588
    3⤵
    - Program crash
    PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 376 -ip 376
1⤵
PID:4624