dcf0e58f4214e848bba0e6e8e9354f1eb718de4b66e9f1e6adbe017dce814059

Analysis

max time kernel
176s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 02:43

Target

dcf0e58f4214e848bba0e6e8e9354f1eb718de4b66e9f1e6adbe017dce814059.dll
Size

261KB
MD5

1e0dfaaa08488f15dcaa226110b925e6
SHA1

47f296af71b932f5da861446fb5bd965b72b1063
SHA256

dcf0e58f4214e848bba0e6e8e9354f1eb718de4b66e9f1e6adbe017dce814059
SHA512

701ba68d45c190e0f4485c5d380b4cb452ec7edbfccf3725597645d4e61009e877e52fa8c4425506c2c25cb40ac2b32a95a8fa736fe21f547af904e9e2ec653b
SSDEEP

6144:8LR7COWEEQOO25JxBsKi55pygTq16fEznSzSa3J:8b/CxBYyJ68SOa3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4284	3796	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 3796	3328	rundll32.exe	78
PID 3328 wrote to memory of 3796	3328	rundll32.exe	78
PID 3328 wrote to memory of 3796	3328	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcf0e58f4214e848bba0e6e8e9354f1eb718de4b66e9f1e6adbe017dce814059.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcf0e58f4214e848bba0e6e8e9354f1eb718de4b66e9f1e6adbe017dce814059.dll,#1
  2⤵
  PID:3796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 600
    3⤵
    - Program crash
    PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3796 -ip 3796
1⤵
PID:320

memory/3796-133-0x0000000001040000-0x0000000001080000-memory.dmp

Filesize
256KB

Download