95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 22:19

Target

95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca.dll
Size

92KB
MD5

5d87cf08b052b9b3d435afa3d0d924b7
SHA1

97fa2cac1c001b5ffe45d5ba3a365e700b42ed59
SHA256

95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca
SHA512

e4d9cdb4b8445626b875962b9f06768852303af82a8a0c31406dc7f78dd5ba8b151ff448af9dc69b3911be8954053bd80632d9fd8d2a4c17c6256d0914a544f8
SSDEEP

1536:fRmUebiRV0dM05N0nqx1WKkdmLBegV3ktXWzfoDXZ5S+D+kux:ZegVGZ6qgdmLx2xWzfoDJ5ZSx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1968	1752	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 1752	4904	rundll32.exe	83
PID 4904 wrote to memory of 1752	4904	rundll32.exe	83
PID 4904 wrote to memory of 1752	4904	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95db69a1412bee76df8aa07708260ee32780e740501e75707a2ea202d86921ca.dll,#1
  2⤵
  PID:1752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 600
    3⤵
    - Program crash
    PID:1968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 1752 -ip 1752
1⤵
PID:4852