ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992

Analysis

max time kernel
91s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 04:24

Target

ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992.dll
Size

56KB
MD5

a325784ff5d7d36ed2af2169f1ece860
SHA1

28f4a5910fb121aa7e307537b812de7ce7940007
SHA256

ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992
SHA512

c1e0e64d1199c913fb61210dd3d5c8a21df4654d43b8e1f54c7f71757836efdf1fcdf6e9cf1be5ff233452816d357bf7d944cb7d6047246343c40704d39072d3
SSDEEP

768:qins3oNcxnpEDMkRhmc7h48714xjB1TEjdG7RofmjzHcCs/o1:tR6xn0B9O7TEjdGRofmjzcC9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3440	3776	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 3776	5040	rundll32.exe	79
PID 5040 wrote to memory of 3776	5040	rundll32.exe	79
PID 5040 wrote to memory of 3776	5040	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992.dll,#1
  2⤵
  PID:3776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 572
    3⤵
    - Program crash
    PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3776 -ip 3776
1⤵
PID:2380