3b3fe600c845fdd71a7601084b27ff1c861007e02e8821326fe98c99e95293d8

Analysis

max time kernel
118s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 07:38

Target

3b3fe600c845fdd71a7601084b27ff1c861007e02e8821326fe98c99e95293d8.dll
Size

53KB
MD5

5527862cf1a8d1ed9235fe95a9af964c
SHA1

4414eda464f2acad7e3fad0c1e8586070351eb97
SHA256

3b3fe600c845fdd71a7601084b27ff1c861007e02e8821326fe98c99e95293d8
SHA512

d12f22f082d9b3202ca9407311eabbba10186ce42c33f1c1cc6570acd33f704435d6bc5c013150c02fc479192bf26c4178fb35f093923ba89f27cf05c12b2cad
SSDEEP

1536:Zwoq+LsVXP7bVHTPNmYLWk8HN1uEwS8rS/G:ON+oVXNHTPK7fJeS/G

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1696	3968	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 3968	3364	rundll32.exe	81
PID 3364 wrote to memory of 3968	3364	rundll32.exe	81
PID 3364 wrote to memory of 3968	3364	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b3fe600c845fdd71a7601084b27ff1c861007e02e8821326fe98c99e95293d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b3fe600c845fdd71a7601084b27ff1c861007e02e8821326fe98c99e95293d8.dll,#1
  2⤵
  PID:3968
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 544
    3⤵
    - Program crash
    PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3968 -ip 3968
1⤵
PID:4984

memory/3968-136-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download