a17579b122037f0598432135257419005abae823ee48fa429142441ea88982ba

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2022 04:32

Target

a17579b122037f0598432135257419005abae823ee48fa429142441ea88982ba.dll
Size

40KB
MD5

58e3143d586ac5cd7dfb72960de0c60c
SHA1

a10494e4d0e16a657d6662a8aed300739586f70f
SHA256

a17579b122037f0598432135257419005abae823ee48fa429142441ea88982ba
SHA512

d1e3b9c1a49ab74c2041531a58965a919de8ec088e2ae6312c393fe8052439937ba8488c5ba5d973233db611db323704c93b3c3f066321e16d006e64e399c514
SSDEEP

384:T3DBEOxxTcZmy1BALQQ3mKUDbyy+JBy1Iznc6m+mPeD6aMVFp9tbXT:LDA2kqomcLPeEF5bXT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1420	5012	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 5012	3536	rundll32.exe	82
PID 3536 wrote to memory of 5012	3536	rundll32.exe	82
PID 3536 wrote to memory of 5012	3536	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a17579b122037f0598432135257419005abae823ee48fa429142441ea88982ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a17579b122037f0598432135257419005abae823ee48fa429142441ea88982ba.dll,#1
  2⤵
  PID:5012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 580
    3⤵
    - Program crash
    PID:1420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5012 -ip 5012
1⤵
PID:2644