dfea47ad9349a4ec62f7b9b6795e84455df28f51c5e2173de44830e9654103a3

Analysis

max time kernel
90s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 05:31

Target

dfea47ad9349a4ec62f7b9b6795e84455df28f51c5e2173de44830e9654103a3.dll
Size

210KB
MD5

112f576135687f0e51756834ee464420
SHA1

fd7fd9c99276bf3c5d205d96d378aafa0ca443cb
SHA256

dfea47ad9349a4ec62f7b9b6795e84455df28f51c5e2173de44830e9654103a3
SHA512

89c35845ffa96ed9d5ab309613e0fba1b928ec586852bd5d6997a6913b4551deae7a65262a3f8fe11b54c8a73e8f7baf6e712e0c20d62a7496b8b40b643241ca
SSDEEP

6144:NYVpv602Pf/QUtXVMcSGhuAxNjrAZ880:uV0PH/htXNuAnrA7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5036	4512	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 4512	2496	rundll32.exe	81
PID 2496 wrote to memory of 4512	2496	rundll32.exe	81
PID 2496 wrote to memory of 4512	2496	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfea47ad9349a4ec62f7b9b6795e84455df28f51c5e2173de44830e9654103a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfea47ad9349a4ec62f7b9b6795e84455df28f51c5e2173de44830e9654103a3.dll,#1
  2⤵
  PID:4512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 564
    3⤵
    - Program crash
    PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4512 -ip 4512
1⤵
PID:5020

memory/4512-133-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4512-134-0x00000000067F0000-0x000000000680B000-memory.dmp

Filesize
108KB

Download