ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752

Analysis

max time kernel
91s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 04:44

Target

ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752.dll
Size

114KB
MD5

5628c3d38b6c383283a6c45d3257d37f
SHA1

d9e10737f3152f27a5c9071702d2ee1eeb5389a7
SHA256

ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752
SHA512

7bd9dc4960e7f9e8f07299104c7183a255ca972cf2a8a0b961051662c0feda039b50470bc91d4ee5a9218476353f962dc38a6f1e035f744ac356716d0a4d53ac
SSDEEP

3072:v8pINCf/qPkhR8GNR/iKEbY9v46VtVpW:vxwfCPw8GL/iO9v7Xp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4768	3596	WerFault.exe	20

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 3596	1380	rundll32.exe	20
PID 1380 wrote to memory of 3596	1380	rundll32.exe	20
PID 1380 wrote to memory of 3596	1380	rundll32.exe	20

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752.dll,#1
  2⤵
  PID:3596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 640
    3⤵
    - Program crash
    PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3596 -ip 3596
1⤵
PID:3916

memory/3596-134-0x0000000000DE0000-0x0000000000E00000-memory.dmp

Filesize
128KB

Download
memory/3596-133-0x0000000000D60000-0x0000000000D6F000-memory.dmp

Filesize
60KB

Download
memory/3596-138-0x0000000000D60000-0x0000000000D6F000-memory.dmp

Filesize
60KB

Download