a0bdad7a0007745e18a59de1ab53abe5bae19b4d89e11c17e0be1e58848ccdcb

Analysis

max time kernel
144s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 08:22

Target

a0bdad7a0007745e18a59de1ab53abe5bae19b4d89e11c17e0be1e58848ccdcb.dll
Size

33KB
MD5

4bc4951eb5810aff3b0955f2ee3f9c8d
SHA1

7149cdf688d380a42874095ff5eb19b63587c7b1
SHA256

a0bdad7a0007745e18a59de1ab53abe5bae19b4d89e11c17e0be1e58848ccdcb
SHA512

51c9b9f39c2864800d4d46b11c0f364a6f49446c216691f81501adb6ed546ac4a3f468cd35d5c43713d0140fda6b3605d4ca2466cb5672f5de45164971acb1eb
SSDEEP

384:RwTYWtWypKMmCx37XcrBsHTl+jEujjKJ1oXkpzvl1d/4b:TPmlXwwh+jEujKJ1oXktvl1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5004	5056	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 5056	4924	rundll32.exe	82
PID 4924 wrote to memory of 5056	4924	rundll32.exe	82
PID 4924 wrote to memory of 5056	4924	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0bdad7a0007745e18a59de1ab53abe5bae19b4d89e11c17e0be1e58848ccdcb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0bdad7a0007745e18a59de1ab53abe5bae19b4d89e11c17e0be1e58848ccdcb.dll,#1
  2⤵
  PID:5056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 652
    3⤵
    - Program crash
    PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5056 -ip 5056
1⤵
PID:2088