78ea1cc56cc38ca8f572faf3c0829684c63df93e71ef3091b567de1313a5c87b

Analysis

max time kernel
160s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2022 14:41

Target

78ea1cc56cc38ca8f572faf3c0829684c63df93e71ef3091b567de1313a5c87b.dll
Size

395KB
MD5

7964148e8c15d3aa4d12bc4be0fb81c0
SHA1

d544f296f67812e4b200434456d18ceca98e815a
SHA256

78ea1cc56cc38ca8f572faf3c0829684c63df93e71ef3091b567de1313a5c87b
SHA512

9a036599f73ea2dab099109d29fb9732c6365f7c18860d43b1197e90458439c14a3013e6ff2f61fb6647bd3988af1b1d5682f07009f682a632af40e199e5f713
SSDEEP

6144:2P+NbVklNXD42QXhtgn03k35946hYu8+cOGJ:8+Nul6R6PbhlGJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3908	1548	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1548	2068	rundll32.exe	81
PID 2068 wrote to memory of 1548	2068	rundll32.exe	81
PID 2068 wrote to memory of 1548	2068	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78ea1cc56cc38ca8f572faf3c0829684c63df93e71ef3091b567de1313a5c87b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\78ea1cc56cc38ca8f572faf3c0829684c63df93e71ef3091b567de1313a5c87b.dll,#1
  2⤵
  PID:1548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 676
    3⤵
    - Program crash
    PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1548 -ip 1548
1⤵
PID:1804

memory/1548-132-0x0000000000000000-mapping.dmp

Download
memory/1548-133-0x0000000000A40000-0x0000000000AA5000-memory.dmp

Filesize
404KB

Download
memory/1548-134-0x0000000000A41000-0x0000000000A80000-memory.dmp

Filesize
252KB

Download