05fdf9c9f83c60c59d0643a69bff3398df92f9c447c0087e164bd21d5efca041

Analysis

max time kernel
93s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 17:03

Target

05fdf9c9f83c60c59d0643a69bff3398df92f9c447c0087e164bd21d5efca041.dll
Size

89KB
MD5

6738d0da9684903c7b5e92a1e7c6208b
SHA1

ebde41e0964567bf896e496889f16029f07b52fe
SHA256

05fdf9c9f83c60c59d0643a69bff3398df92f9c447c0087e164bd21d5efca041
SHA512

70385ffdfc0f22807fd21993216a06a6ecca0e06aaeebdd7be5662c8ed4d0c6e7ada5dac6ffad30b673b35970576d7023ef1c89d33b9cc9ba751e0b7eea4de01
SSDEEP

1536:mpAvGJ0JaXb4aH1gBinQGK7PYhqbywxOQL8meli4mgkfbCZ7O603ywg1bSX+1d:mpAvj83YnPP7oQLglWfb67O6bwg1bSXU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2256	5012	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 5012	624	rundll32.exe	82
PID 624 wrote to memory of 5012	624	rundll32.exe	82
PID 624 wrote to memory of 5012	624	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05fdf9c9f83c60c59d0643a69bff3398df92f9c447c0087e164bd21d5efca041.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05fdf9c9f83c60c59d0643a69bff3398df92f9c447c0087e164bd21d5efca041.dll,#1
  2⤵
  PID:5012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 628
    3⤵
    - Program crash
    PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5012 -ip 5012
1⤵
PID:2332