5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b

Analysis

max time kernel
134s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 20:12

Target

5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b.dll
Size

62KB
MD5

a38594046a350c8e428e6b1b675006a2
SHA1

574df9f28ee135523e5dbab737feb1d7e55db0ac
SHA256

5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b
SHA512

0b7e75ae54441b77d6c07e1442a9012c0315c61067e6550ef80c9c0585cefaf62d5ae5805e6d8fe1f1a772a8d1a83dd8d43c1e9a7a61cab6b5acaa692737a846
SSDEEP

1536:/7MYloVC9UD1T7t/nmZdo52FOm9C0JXlpV1u:A44C9Gpxyh9C05D7u

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4296	4780	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 4780	1928	rundll32.exe	81
PID 1928 wrote to memory of 4780	1928	rundll32.exe	81
PID 1928 wrote to memory of 4780	1928	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b.dll,#1
  2⤵
  PID:4780
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 552
    3⤵
    - Program crash
    PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4780 -ip 4780
1⤵
PID:4372

memory/4780-133-0x0000000010000000-0x0000000010683000-memory.dmp

Filesize
6.5MB

Download