47b26e0172dff4ae1905455029926314ac685e0ce854c4230fc35a7cdf0fe259

Analysis

max time kernel
509s
max time network
512s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/10/2022, 05:43 UTC

Target

7aa5318a4cf3534ee34f0c542620c03608a95040e8a44ac71150c8e48e6e7ddc_unpacked.dll
Size

2.1MB
MD5

bea0168685e05268cfea4f63a298f16b
SHA1

ff82700ee26bbaf5a3357c5f5070fda9f80f9993
SHA256

47b26e0172dff4ae1905455029926314ac685e0ce854c4230fc35a7cdf0fe259
SHA512

789c2d061a0b72162d3b1cd444b10ff89ad6d889efa452c349adbaea2345192df36d62609d0959e76893899b3e55b2a0e25ad86484f8770a21d20c647c143e60
SSDEEP

49152:YZ54VVdEe/9fSvwNMVEy2rElG6CaP3TYeLiuOAGm5d:YjCdENvzVB2glGnKLiu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4916	1676	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 1676	1332	rundll32.exe	84
PID 1332 wrote to memory of 1676	1332	rundll32.exe	84
PID 1332 wrote to memory of 1676	1332	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7aa5318a4cf3534ee34f0c542620c03608a95040e8a44ac71150c8e48e6e7ddc_unpacked.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7aa5318a4cf3534ee34f0c542620c03608a95040e8a44ac71150c8e48e6e7ddc_unpacked.dll,#1
  2⤵
  PID:1676
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 684
    3⤵
    - Program crash
    PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1676 -ip 1676
1⤵
PID:4924