02b0fec18cc78cbdb038c774d6c71107613cc8dcfbe871c1af288add4ba042e4

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 01:05

Target

02b0fec18cc78cbdb038c774d6c71107613cc8dcfbe871c1af288add4ba042e4.dll
Size

772KB
MD5

08cc34f0743c588144fe1d9a769c1680
SHA1

9a39a8d4de70d6bd59e61ed95e82d14f27c7501a
SHA256

02b0fec18cc78cbdb038c774d6c71107613cc8dcfbe871c1af288add4ba042e4
SHA512

e716f2e971468038d9f1dff3ccb536ad0664aaf4808e6ac5dfef0c896d9006c93bb0f6f68692906eeb3b72693820d5f0da04578a05b8783bd6345486e554729e
SSDEEP

12288:VX2TZnynE03rJ54VHl0eitSnvBx0YYJnJopQ4XnM3Xn:VX2T9mrCkA5rAWuTX

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2892	3232	WerFault.exe	82
4152	3232	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 3232	4780	rundll32.exe	82
PID 4780 wrote to memory of 3232	4780	rundll32.exe	82
PID 4780 wrote to memory of 3232	4780	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02b0fec18cc78cbdb038c774d6c71107613cc8dcfbe871c1af288add4ba042e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\02b0fec18cc78cbdb038c774d6c71107613cc8dcfbe871c1af288add4ba042e4.dll,#1
  2⤵
  PID:3232
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 600
    3⤵
    - Program crash
    PID:2892
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 620
    3⤵
    - Program crash
    PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3232 -ip 3232
1⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3232 -ip 3232
1⤵
PID:3324