0fd7c802921fc372ceb175b43ad3d39de329efdb25f591d25fd55ad75eeda72f

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 08:36

Target

0fd7c802921fc372ceb175b43ad3d39de329efdb25f591d25fd55ad75eeda72f.dll
Size

498KB
MD5

0ba3890988fecdcd559861a16f711e3e
SHA1

ec3b495924ad9f1b5e73e43c3f81d31910dbb24c
SHA256

0fd7c802921fc372ceb175b43ad3d39de329efdb25f591d25fd55ad75eeda72f
SHA512

90b50297900407f1cfa0d88d85c355ec6524a5a5391de4c5a138a0bb43be1e9ea7c4db2c432331978b562c8c460c1e9392ad8664ae28479a2c1617594d127d52
SSDEEP

6144:7VQBYbskemPro4m9EJhnSRMWVFw/t4ZcWDny60ioHI57oIBpgTZZAO5LNfX:7CaeMo4/62gFye1yj9HI5s5Zbp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5048	3060	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 3060	3440	rundll32.exe	82
PID 3440 wrote to memory of 3060	3440	rundll32.exe	82
PID 3440 wrote to memory of 3060	3440	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fd7c802921fc372ceb175b43ad3d39de329efdb25f591d25fd55ad75eeda72f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fd7c802921fc372ceb175b43ad3d39de329efdb25f591d25fd55ad75eeda72f.dll,#1
  2⤵
  PID:3060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 588
    3⤵
    - Program crash
    PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3060 -ip 3060
1⤵
PID:5088