c248ee5705be99cfca4908edfed658d5de8c4679e142ddc3e0ff4667ebd0d1de

Analysis

max time kernel
126s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2022 09:28

Target

c248ee5705be99cfca4908edfed658d5de8c4679e142ddc3e0ff4667ebd0d1de.dll
Size

402KB
MD5

663520f359b85e69ee8e72fb30d97040
SHA1

46c41e200510354d756294b7913461cb6aacf772
SHA256

c248ee5705be99cfca4908edfed658d5de8c4679e142ddc3e0ff4667ebd0d1de
SHA512

a858313cc121a58d1315efc9504061c3375252efad1dd3ef06e80b4599ca0692b5091c3a150a9f706774b01039617cb8742d052bbcd90a7e7f4718fe18cf686c
SSDEEP

12288:uyt+xo/6NrSaCrVu4W1dTdxGmnOdc6aEK:uyn+eYdTH7kcZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1520	1228	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 1228	1240	rundll32.exe	84
PID 1240 wrote to memory of 1228	1240	rundll32.exe	84
PID 1240 wrote to memory of 1228	1240	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c248ee5705be99cfca4908edfed658d5de8c4679e142ddc3e0ff4667ebd0d1de.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c248ee5705be99cfca4908edfed658d5de8c4679e142ddc3e0ff4667ebd0d1de.dll,#1
  2⤵
  PID:1228
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 688
    3⤵
    - Program crash
    PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1228 -ip 1228
1⤵
PID:1488

memory/1228-133-0x00000000020E0000-0x0000000002160000-memory.dmp

Filesize
512KB

Download
memory/1228-134-0x0000000002160000-0x00000000021AB000-memory.dmp

Filesize
300KB

Download