fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130

Analysis

max time kernel
171s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 05:36

Target

fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130.dll
Size

180KB
MD5

4a17c4c5e92767295c8178374eedc580
SHA1

46931156840d571d8176d56109fc1571fb3f2b7b
SHA256

fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130
SHA512

c38c8855df21a675dc7ae5531bda70de3a19d713d92d8cbb0b11c35ce2e68be8abf5f722e9f2487cb7a779630b6f9050db1b81e9b0572cebd1170c5bacdb9565
SSDEEP

1536:SxtFX0sTdAiM82kT0Vffug2gciLDn2oQLRs2xUyfocl6p6o0/iad4kcA9SqAkeNX:yBTd9GVto7oQVs2Cyff26o0bZ9Sv1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1792	2524	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 2524	3364	rundll32.exe	81
PID 3364 wrote to memory of 2524	3364	rundll32.exe	81
PID 3364 wrote to memory of 2524	3364	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130.dll,#1
  2⤵
  PID:2524
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 568
    3⤵
    - Program crash
    PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2524 -ip 2524
1⤵
PID:4500