c80470447efac8f0d376f83bee7abb555e40241b4bf79f205a34a0be2bfba426

Analysis

max time kernel
112s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2022, 21:05

Target

c80470447efac8f0d376f83bee7abb555e40241b4bf79f205a34a0be2bfba426.dll
Size

161KB
MD5

c6c9276e2aa0e26631019fdb002d4dff
SHA1

17fbdaebf926705926f31fb742c7c5bbd699c710
SHA256

c80470447efac8f0d376f83bee7abb555e40241b4bf79f205a34a0be2bfba426
SHA512

358e75e51e6748a9e0bbf88f1e807a4bee6d08684cd5d69d9785a0ff0916bb8753da29bf9728e1bc651e92079ae3ef16608ec9f3d2f0a44b0407d454675874f2
SSDEEP

3072:6T64VoI67r1d8eLlvJ9YTBj1BQEauAbV+tEn5J/NRsgCX/X/aNT:6T6tdd8klfYVXQwAbln52lXG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1408	532	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 532	4900	rundll32.exe	82
PID 4900 wrote to memory of 532	4900	rundll32.exe	82
PID 4900 wrote to memory of 532	4900	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c80470447efac8f0d376f83bee7abb555e40241b4bf79f205a34a0be2bfba426.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c80470447efac8f0d376f83bee7abb555e40241b4bf79f205a34a0be2bfba426.dll,#1
  2⤵
  PID:532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 708
    3⤵
    - Program crash
    PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 532 -ip 532
1⤵
PID:4240

memory/532-133-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download