1742d83f66f2e4b0791aee0361c70ab069927ba1a553cf6b6f81a6fb5e6ee002

Analysis

max time kernel
171s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2022 04:34

Target

1742d83f66f2e4b0791aee0361c70ab069927ba1a553cf6b6f81a6fb5e6ee002.dll
Size

52KB
MD5

713ace42ce9a6378f62d0c82a034275e
SHA1

a8f937ecbbce1eec889f1293f74c1b92b4b7f58b
SHA256

1742d83f66f2e4b0791aee0361c70ab069927ba1a553cf6b6f81a6fb5e6ee002
SHA512

4f2172d81cf4c9766eeb69e9a62e5a29579f4de750ab555b965077ca40bb06fcabdabbccb25b978d391ac214ee0c2a73a8a0f0158461ebda3cdacf15e674083b
SSDEEP

768:tcVrzFuu55oaY2lnqY7izZddmAjvr3g1LPp4FkWcFzUWMN6GjIxKKiEcBj:iFzN559FOU6v81t4LwM6j9ZGj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3208	4456	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3812 wrote to memory of 4456	3812	rundll32.exe	80
PID 3812 wrote to memory of 4456	3812	rundll32.exe	80
PID 3812 wrote to memory of 4456	3812	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1742d83f66f2e4b0791aee0361c70ab069927ba1a553cf6b6f81a6fb5e6ee002.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1742d83f66f2e4b0791aee0361c70ab069927ba1a553cf6b6f81a6fb5e6ee002.dll,#1
  2⤵
  PID:4456
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 556
    3⤵
    - Program crash
    PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4456 -ip 4456
1⤵
PID:4888

memory/4456-132-0x0000000000000000-mapping.dmp

Download
memory/4456-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download