0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4

Analysis

max time kernel
49s
max time network
4s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2022, 00:56

Target

0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4.dll
Size

76KB
MD5

20aa27036fda116cf29ac449b7ed78f5
SHA1

b6685fd04b74a8da91bbfd4d185649a31424945b
SHA256

0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4
SHA512

e78b497f52e74b414da5976330c2b9aba197e3249f948266dcf75243ee0425a2d2d5d81b0f279de21fc83b08336a3674c580a7ab6cd2463be631b69da55d9c34
SSDEEP

1536:U21tgmSiRUEaS/wZFzWZOG5nPAqr0/Q8QuiF1FmCg6wFRfm:Uo2iJ5IZFCz1oK8Cgbm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4856	4064	WerFault.exe	76

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 4064	4424	rundll32.exe	76
PID 4424 wrote to memory of 4064	4424	rundll32.exe	76
PID 4424 wrote to memory of 4064	4424	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4.dll,#1
  2⤵
  PID:4064
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 580
    3⤵
    - Program crash
    PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4064 -ip 4064
1⤵
PID:4860

memory/4064-133-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download
memory/4064-134-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download