852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e

Analysis

max time kernel
488s
max time network
492s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
26/10/2022, 22:39

Target

852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e.dll
Size

11KB
MD5

2563874010c5adf9009cb9b231c3d0fc
SHA1

379db96603a3d0264ea2840de47da19aee38b1c9
SHA256

852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e
SHA512

c54f9d168978e834126768c5799cb9068f65dff6beabce73b7298202425f78f7f7c01ec7d4949f07c7157067993a1c3da93071fe950a0faab4d96c28abbd6412
SSDEEP

192:lauTvq4xfawaSuRCi8LKcrSCI1EtuXUqsENhqj1acYu9x0ylNmsUJiSIqLVJTho7:ld7q4VawaSuiSOtuEohqj1XYux00mwq6

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2572	1736	WerFault.exe	63

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 1736	1336	rundll32.exe	63
PID 1336 wrote to memory of 1736	1336	rundll32.exe	63
PID 1336 wrote to memory of 1736	1336	rundll32.exe	63

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e.dll,#1
  2⤵
  PID:1736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 544
    3⤵
    - Program crash
    PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1736 -ip 1736
1⤵
PID:3392

memory/1736-133-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download