31ac1990955fb4e2244ef340fc07f65f1ded3561ff488f121fb1219117233019

Analysis

max time kernel
136s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 04:58

Target

31ac1990955fb4e2244ef340fc07f65f1ded3561ff488f121fb1219117233019.dll
Size

112KB
MD5

685e8e40bdac05125c6beb1247b3e79d
SHA1

b3f5b21b7f14802071f1e8e5410115bc3621d2d4
SHA256

31ac1990955fb4e2244ef340fc07f65f1ded3561ff488f121fb1219117233019
SHA512

acd86103cf1d327d552f2f58a3e6968a6b6ab7b66e4259e53a5607037759fd1e3e7579dc8eba8cff6454762a31f2fe1853ea7ff5e15be2b97669094985ab0bc0
SSDEEP

3072:+gAG47YsyLGiB4Xu8Q5ddAPbbcSezwU861IY:+gA7YsyyZe4PcVwFm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4360	4368	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 4368	992	rundll32.exe	84
PID 992 wrote to memory of 4368	992	rundll32.exe	84
PID 992 wrote to memory of 4368	992	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31ac1990955fb4e2244ef340fc07f65f1ded3561ff488f121fb1219117233019.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\31ac1990955fb4e2244ef340fc07f65f1ded3561ff488f121fb1219117233019.dll,#1
  2⤵
  PID:4368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 636
    3⤵
    - Program crash
    PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4368 -ip 4368
1⤵
PID:4248