805ef41ba650201693deb6baa2b6212d85c4e7dfb7446b797302f3bff3d3b38f

Analysis

max time kernel
112s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 13:50

Target

805ef41ba650201693deb6baa2b6212d85c4e7dfb7446b797302f3bff3d3b38f.dll
Size

236KB
MD5

910892299d5e2fb95f0cd4390143532f
SHA1

11ad376db0637466eda2f25fa4def54522a718cf
SHA256

805ef41ba650201693deb6baa2b6212d85c4e7dfb7446b797302f3bff3d3b38f
SHA512

e96503277a5281138ddcace468779397c382ba3c8b9d98290f4d54fdf7ab9f0b09196381fdcbecd17d01c4411f2c56b25097f15cabb840f78e6e627493aff28f
SSDEEP

6144:/tkiorAgsiR7BOGL+f6eZQkEcDazVRDGFngEYjNiU+:/twAg3+f6e25TyFnI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2140	4208	WerFault.exe	74

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 4208	4024	rundll32.exe	74
PID 4024 wrote to memory of 4208	4024	rundll32.exe	74
PID 4024 wrote to memory of 4208	4024	rundll32.exe	74

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\805ef41ba650201693deb6baa2b6212d85c4e7dfb7446b797302f3bff3d3b38f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\805ef41ba650201693deb6baa2b6212d85c4e7dfb7446b797302f3bff3d3b38f.dll,#1
  2⤵
  PID:4208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 544
    3⤵
    - Program crash
    PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4208 -ip 4208
1⤵
PID:1384