18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282

Analysis

max time kernel
128s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2022, 17:54

Target

18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282.dll
Size

141KB
MD5

54c3bda317339b44de91748141e3cb63
SHA1

32dcebcca25b159912b43c5f91017c975dfd93d0
SHA256

18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282
SHA512

eeacb5a4003b90567002d4033c41db81af7eefa611054fae1b7d023a11e12e7093346aff7c241f779fe6d2368d3587bbf53d7b2738f0f3bf6a0e202f6e89dd0b
SSDEEP

3072:6pjssOKcqQ2ddP76yqWMTzK6wgCy9Y8Xb8Y+o/:6psXVjsV+yZMim8Yn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2584	2548	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 2548	4496	rundll32.exe	80
PID 4496 wrote to memory of 2548	4496	rundll32.exe	80
PID 4496 wrote to memory of 2548	4496	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282.dll,#1
  2⤵
  PID:2548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 572
    3⤵
    - Program crash
    PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2548 -ip 2548
1⤵
PID:4972

memory/2548-133-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download