62ad5a84a52af7fa94dcf25b38c0dd9afc6800d99f3e0427568422fa7c602b5a

Analysis

max time kernel
150s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 08:45

Target

62ad5a84a52af7fa94dcf25b38c0dd9afc6800d99f3e0427568422fa7c602b5a.dll
Size

88KB
MD5

50e81af1d69b545d274946931cd3784f
SHA1

7f6b0017611213d02c4ae2a3dae8b6eede5652e2
SHA256

62ad5a84a52af7fa94dcf25b38c0dd9afc6800d99f3e0427568422fa7c602b5a
SHA512

5490ceeac278eaf9b18baa9994e807c08f7ec3db77ebe05d11679e208a63157dd1e668e8e46be57e763d92ff30cc8112404b55a9ac50395f0b9396502d0291e1
SSDEEP

1536:DlhnOnTffp438lQa55lFrgRtd8s+PslzUr+o+7himGqksTa3Aa55lFLa55lFFGl+:hhnOnTffpeMRlgRtdYUpwZCimGdxOmCD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3764	4148	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 4148	3504	rundll32.exe	80
PID 3504 wrote to memory of 4148	3504	rundll32.exe	80
PID 3504 wrote to memory of 4148	3504	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62ad5a84a52af7fa94dcf25b38c0dd9afc6800d99f3e0427568422fa7c602b5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\62ad5a84a52af7fa94dcf25b38c0dd9afc6800d99f3e0427568422fa7c602b5a.dll,#1
  2⤵
  PID:4148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 572
    3⤵
    - Program crash
    PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4148 -ip 4148
1⤵
PID:1216

memory/4148-133-0x0000000000000000-mapping.dmp

Download
memory/4148-134-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download