38ef001f26cac2042dbb4b0b37a7abfc56cea17cdf8bc435b650db099ce094f0

Analysis

max time kernel
107s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 13:47

Target

38ef001f26cac2042dbb4b0b37a7abfc56cea17cdf8bc435b650db099ce094f0.dll
Size

457KB
MD5

659887f42dac8531ae63b16a9ce645e6
SHA1

9182aff319c833f34a66e7d92cf537b9c0b13dd8
SHA256

38ef001f26cac2042dbb4b0b37a7abfc56cea17cdf8bc435b650db099ce094f0
SHA512

a55157e8d7749c263788f9988e93163f748a0516700cafac7186f8aa41677598ce59e25107c8317a185cd3cb343cf04df12b86bfb1487451865ebdef47797340
SSDEEP

12288:8k6R34HL5ISxJqAhgi9E2XxfNe4p0wognf9d29zZ:8kWIlI5AE2XxfoI0Xgnn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4436	408	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 408	3160	rundll32.exe	78
PID 3160 wrote to memory of 408	3160	rundll32.exe	78
PID 3160 wrote to memory of 408	3160	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ef001f26cac2042dbb4b0b37a7abfc56cea17cdf8bc435b650db099ce094f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ef001f26cac2042dbb4b0b37a7abfc56cea17cdf8bc435b650db099ce094f0.dll,#1
  2⤵
  PID:408
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 596
    3⤵
    - Program crash
    PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 408 -ip 408
1⤵
PID:4124