2060a1976bee37ede8da81a69e3e4248271744dd58c800055e5328aca671a4ec

Analysis

max time kernel
55s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2022, 08:46

Target

864-58-0x00000000001B0000-0x00000000001DA000-memory.dll
Size

168KB
MD5

2b72fac5dcd50453bb9e0f6c9cd8623d
SHA1

bd028ca739766e30b5b5d45f8e2943c3682664fc
SHA256

2060a1976bee37ede8da81a69e3e4248271744dd58c800055e5328aca671a4ec
SHA512

ecc9c7623fea256eb36e56ba9149379712bf9c19947c34ec6cbbc8c85980ba0ba5bfc46d6394d920a11359ce4e25a63212861ea5db843769925fe99280b2a492
SSDEEP

3072:k/BLkyzwtNie/8XzAgJaGtV8TBfFZgUiO/yaxX1:8sae/8X0gJjtV8TB9ZT9/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5100	2752	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 2752	1268	rundll32.exe	81
PID 1268 wrote to memory of 2752	1268	rundll32.exe	81
PID 1268 wrote to memory of 2752	1268	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\864-58-0x00000000001B0000-0x00000000001DA000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\864-58-0x00000000001B0000-0x00000000001DA000-memory.dll,#1
  2⤵
  PID:2752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 564
    3⤵
    - Program crash
    PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2752 -ip 2752
1⤵
PID:3044