920f35b643b025bd96cb6a7bf76c8c4c1be41f68de5cee6bd17e008d7066929f

Analysis

max time kernel
493s
max time network
497s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
27-10-2022 05:53

Target

2f7ceb8ea5839aaf84793719b1c2f0e3fd932237da45700eadc339ae908883ec_dump_0x02390000.dll
Size

76KB
MD5

984d4b6587911d8859a0f76b8234e82f
SHA1

9c373ef2046cca948aa1336781851ae8957f8354
SHA256

920f35b643b025bd96cb6a7bf76c8c4c1be41f68de5cee6bd17e008d7066929f
SHA512

e0ad3a8e0c02f347645e67fd9e832eeadce0e32a8f63cda88f6c4ead64873c94daddb46cda40d2b1619ca8caa8af084331ca6868c5f52e1701a160d62d25872a
SSDEEP

1536:x6NJMItrncLXOh6OFV6D6NMez8MuBMH7gn7gSHtMOdDXoYwq:x6Nu4rnczOLoD62v7gSi8D4nq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1412	4800	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 4800	1176	rundll32.exe	82
PID 1176 wrote to memory of 4800	1176	rundll32.exe	82
PID 1176 wrote to memory of 4800	1176	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f7ceb8ea5839aaf84793719b1c2f0e3fd932237da45700eadc339ae908883ec_dump_0x02390000.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f7ceb8ea5839aaf84793719b1c2f0e3fd932237da45700eadc339ae908883ec_dump_0x02390000.dll,#1
  2⤵
  PID:4800
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 564
    3⤵
    - Program crash
    PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4800 -ip 4800
1⤵
PID:1748