053576479c81f870666c5da14247a64be12334ae99043985482879b47e4a24e0

Analysis

max time kernel
181s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 07:00

Target

053576479c81f870666c5da14247a64be12334ae99043985482879b47e4a24e0.dll
Size

538KB
MD5

63299a6c9da861b836ec9fe84e7c96f0
SHA1

bca84a67be5ee8708efe26c8df9be3a9f8e87a7c
SHA256

053576479c81f870666c5da14247a64be12334ae99043985482879b47e4a24e0
SHA512

c291195a2d848f67c40314921eeda9b2b900b94038057a6ba5c75ce2a01cd804db55f963fa04083cf5550f39e39ac0277d104e671edf7234e99e39dfe4792052
SSDEEP

6144:OAnjouH12e99Nbg0DGX+DzccDuGd8+gP223wDuYp+1LCZPJIY7d2:L92e993DCGdEPOp+RYIY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
224	4400	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 4400	956	rundll32.exe	80
PID 956 wrote to memory of 4400	956	rundll32.exe	80
PID 956 wrote to memory of 4400	956	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\053576479c81f870666c5da14247a64be12334ae99043985482879b47e4a24e0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\053576479c81f870666c5da14247a64be12334ae99043985482879b47e4a24e0.dll,#1
  2⤵
  PID:4400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 700
    3⤵
    - Program crash
    PID:224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4400 -ip 4400
1⤵
PID:3076