272becd82f02e096e1391e87b35269edc0fb90a0f75fd18df346508658df3f24

Analysis

max time kernel
170s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 05:07

Target

272becd82f02e096e1391e87b35269edc0fb90a0f75fd18df346508658df3f24.dll
Size

9KB
MD5

5c8f18c904efa3b56b0ff23080bfd752
SHA1

e78c316bc29510c5cdbf56d5e4aa3e2e6525cc7d
SHA256

272becd82f02e096e1391e87b35269edc0fb90a0f75fd18df346508658df3f24
SHA512

61518ab2b314627367b413a3c44289b4614b4f4f5d39bf5dd4f75137a63b628135fbec12d04f4815d7d6bad47e3fb0c3d1e31e1dc20b3ab1d6c836eb4e3c595a
SSDEEP

96:q1V7dR7uwEU+hCT3GrxZ4MUtPNlz0MdG8EWvdM3IWwG34bdS:kuwEt8rsTUtPLzKNWSYWF4bdS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4512	5004	WerFault.exe	75

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 5004	5072	rundll32.exe	75
PID 5072 wrote to memory of 5004	5072	rundll32.exe	75
PID 5072 wrote to memory of 5004	5072	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\272becd82f02e096e1391e87b35269edc0fb90a0f75fd18df346508658df3f24.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\272becd82f02e096e1391e87b35269edc0fb90a0f75fd18df346508658df3f24.dll,#1
  2⤵
  PID:5004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 624
    3⤵
    - Program crash
    PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5004 -ip 5004
1⤵
PID:3812

memory/5004-134-0x00000000005E1000-0x00000000005E3000-memory.dmp

Filesize
8KB

Download
memory/5004-133-0x00000000005E1000-0x00000000005E3000-memory.dmp

Filesize
8KB

Download
memory/5004-135-0x00000000005E0000-0x00000000005E7000-memory.dmp

Filesize
28KB

Download