a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926

Analysis

max time kernel
142s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 17:54

Target

a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926.dll
Size

102KB
MD5

75428b98daaeb1264a586657f58b83a6
SHA1

685edb26b54f9b5c3269f2e9cce53b5b6d82394b
SHA256

a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926
SHA512

22a22702c7f39cd7ecf04a78649eefb3c3350c9ca3bd66f62fdcb0249bd23c93bc2dc7a7c53184bd59df14f1c1c745755ae1664abd7826f7443ba257de074adc
SSDEEP

3072:+lCzDJFl3fy+g9xMCmGwfroAsYDsvwjFvRvMU:wCz53fy+rCmfy2jMU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4868	3900	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 3900	4284	rundll32.exe	81
PID 4284 wrote to memory of 3900	4284	rundll32.exe	81
PID 4284 wrote to memory of 3900	4284	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926.dll,#1
  2⤵
  PID:3900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 544
    3⤵
    - Program crash
    PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3900 -ip 3900
1⤵
PID:2488