2393bcc3d7ce1692daf5f1a19eb2feb782d39c63cd9256e3fb96b1abcc3dc661

Analysis

max time kernel
112s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 19:48

Target

2393bcc3d7ce1692daf5f1a19eb2feb782d39c63cd9256e3fb96b1abcc3dc661.dll
Size

293KB
MD5

0a7cc451fecc1f07277fd7a47141bd1c
SHA1

418308b5f529293b537c96ae1e23109827b9d5cd
SHA256

2393bcc3d7ce1692daf5f1a19eb2feb782d39c63cd9256e3fb96b1abcc3dc661
SHA512

873735c243fe4e824c4034a58f170dedc1ed97863c16dd56fd3ce8996c72a424c6afc2c7f12bb5b6449a302811f0330d14e8b7347c14854418c6b5e57100c378
SSDEEP

6144:bXztUh19gGaO4HCEfBmqO/JO9YZzovGSkGBOEy1zqAHC:lyOiWBmTkyBS61nHC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3996	4372	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 4372	3212	rundll32.exe	81
PID 3212 wrote to memory of 4372	3212	rundll32.exe	81
PID 3212 wrote to memory of 4372	3212	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2393bcc3d7ce1692daf5f1a19eb2feb782d39c63cd9256e3fb96b1abcc3dc661.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2393bcc3d7ce1692daf5f1a19eb2feb782d39c63cd9256e3fb96b1abcc3dc661.dll,#1
  2⤵
  PID:4372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 656
    3⤵
    - Program crash
    PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4372 -ip 4372
1⤵
PID:1100

memory/4372-134-0x0000000001F80000-0x0000000001FFD000-memory.dmp

Filesize
500KB

Download
memory/4372-133-0x0000000001F80000-0x0000000001FFD000-memory.dmp

Filesize
500KB

Download
memory/4372-135-0x0000000001F80000-0x0000000001FFD000-memory.dmp

Filesize
500KB

Download