e6d1ba7403a0cc09d2457b269442523075389719e85e5e4747a98661e1590def

Analysis

max time kernel
152s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 21:49

Target

e6d1ba7403a0cc09d2457b269442523075389719e85e5e4747a98661e1590def.dll
Size

668KB
MD5

48a61f356b589dc5e514493c2699c290
SHA1

eaf763bac17c3b5348afabc9c3f4ab10efd391ea
SHA256

e6d1ba7403a0cc09d2457b269442523075389719e85e5e4747a98661e1590def
SHA512

26cf99488268ae434591373b6ec8f78bae0b4f53d78d9cb5fa5b09df1ff926ce46cdc94cd41ad8b9285c71d20117b916a863d5a2851c0da271e1856092da4e8c
SSDEEP

12288:RNcw5lMe/uE1G3RkoszeaHKePeSdeyKxkI8aoJ00F5OiQzp9HnnlsMf:RNOe91GBkLqFePeSdi2WM5OHt9HnlsMf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
664	1560	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 1560	4596	rundll32.exe	81
PID 4596 wrote to memory of 1560	4596	rundll32.exe	81
PID 4596 wrote to memory of 1560	4596	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6d1ba7403a0cc09d2457b269442523075389719e85e5e4747a98661e1590def.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6d1ba7403a0cc09d2457b269442523075389719e85e5e4747a98661e1590def.dll,#1
  2⤵
  PID:1560
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 624
    3⤵
    - Program crash
    PID:664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1560 -ip 1560
1⤵
PID:5032

memory/1560-132-0x0000000000000000-mapping.dmp

Download
memory/1560-133-0x0000000002C70000-0x0000000002D17000-memory.dmp

Filesize
668KB

Download
memory/1560-137-0x0000000002BF0000-0x0000000002C6D000-memory.dmp

Filesize
500KB

Download