670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392

Analysis

max time kernel
94s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 15:57

Target

670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392.dll
Size

68KB
MD5

90fee9b73bee1934ce5f51f91295a02c
SHA1

391117c8c230176d18c0f3c40145798d91eedb2c
SHA256

670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392
SHA512

cda5b1a8c7f52046b6ad0a8aa1ea37430f3fca3af35fc616afbf89cfa87f78cb599c87de9b01a48ef48f686be4273d83cf5366e5202806ff867915916e199d62
SSDEEP

1536:JpcvBq2h8vA15cY3iMXYgDbSX9oz7BW9R84:Jp+hL1iY3DWNIBW9y4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4704	4540	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 4540	2924	rundll32.exe	78
PID 2924 wrote to memory of 4540	2924	rundll32.exe	78
PID 2924 wrote to memory of 4540	2924	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392.dll,#1
  2⤵
  PID:4540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 544
    3⤵
    - Program crash
    PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4540 -ip 4540
1⤵
PID:4604

memory/4540-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download