ff35f51223872d25b4b6877903dec93430b0021d4df4b31909ca61018494e057

Analysis

max time kernel
121s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 20:20

Target

ff35f51223872d25b4b6877903dec93430b0021d4df4b31909ca61018494e057.dll
Size

79KB
MD5

a0ae19aeafab112edbc546d47678db80
SHA1

dd5e897c757e214326850fcd9a085f69e4f6be93
SHA256

ff35f51223872d25b4b6877903dec93430b0021d4df4b31909ca61018494e057
SHA512

e39b83379778e275e639b0b8d28fb384057a504ab5ac4672f3e5886292b7802df44f41e190eef36477d09eb2b8c3a1bc3962994e3cdb8e25a2053d69380128dd
SSDEEP

1536:3f7qMyl6IeMyvrs+65TWHYZ73Zy3yp453IyIBx4I6fkHrIEwgMpsV1T3G+sD2Aan:DqF6IePw7KM7G53IPx4rsIEwgMpsV1T9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3236	876	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 424 wrote to memory of 876	424	rundll32.exe	79
PID 424 wrote to memory of 876	424	rundll32.exe	79
PID 424 wrote to memory of 876	424	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff35f51223872d25b4b6877903dec93430b0021d4df4b31909ca61018494e057.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff35f51223872d25b4b6877903dec93430b0021d4df4b31909ca61018494e057.dll,#1
  2⤵
  PID:876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 544
    3⤵
    - Program crash
    PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 876 -ip 876
1⤵
PID:2676

memory/876-133-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download