721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 01:19

Target

721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605.dll
Size

101KB
MD5

719728ed5fbe276eba27164d225ba7c0
SHA1

df8da8d3d93635890157955e078fb66d316b4e88
SHA256

721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605
SHA512

2f3df322559b4e9fbc29ef61095f0c575932a30ec869e1590361ec5b288974d8f27bd0e08af7d92f89e2466caee34dee2ad21ca9e6475568e5c0eb51fded880f
SSDEEP

1536:Ge7i1cbcaD0KZqLCQ7jro+lfFQKt4v1uQU11dFfRD3qYKS7wGWk5Ma6Pznds3mwm:Gmi1MQKZWCQ9ltGYXdvzW3DyJSqel

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1728	3280	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3280	1936	rundll32.exe	81
PID 1936 wrote to memory of 3280	1936	rundll32.exe	81
PID 1936 wrote to memory of 3280	1936	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\721f77096d150d3bad3948d5991e3022aeeac7ccae21b40b24644f63c9a0a605.dll,#1
  2⤵
  PID:3280
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 796
    3⤵
    - Program crash
    PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3280 -ip 3280
1⤵
PID:3060

memory/3280-133-0x0000000075270000-0x00000000752DA000-memory.dmp

Filesize
424KB

Download
memory/3280-134-0x0000000075270000-0x00000000752DA000-memory.dmp

Filesize
424KB

Download