5c53963adf3d2f8c287339c8903e3620fe28fbc04838500e6855cfa03f615ea0

Analysis

max time kernel
135s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 14:31

Target

5c53963adf3d2f8c287339c8903e3620fe28fbc04838500e6855cfa03f615ea0.dll
Size

130KB
MD5

0446cbd09933feb165e21ff85c55c20e
SHA1

d7c2d57389242ccd0cef117738e4b02458dde9b1
SHA256

5c53963adf3d2f8c287339c8903e3620fe28fbc04838500e6855cfa03f615ea0
SHA512

22873c64005292183e27d38bcc527f31fabcef9c123c9437b20ce065ad1d5c0c11c747d16e5a9c8273b6342139e451a6e9a3ffcb9efb50a2059f104ac819265c
SSDEEP

3072:lDxr2Hfnjw0qJekV2iCH3PXuuSEYEwL+Z0WANfbJHOL5PFn0wcccccccc:jr2cTgc+0WIdH0PFn0wcccccccc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3440	4852	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 4852	4956	rundll32.exe	80
PID 4956 wrote to memory of 4852	4956	rundll32.exe	80
PID 4956 wrote to memory of 4852	4956	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c53963adf3d2f8c287339c8903e3620fe28fbc04838500e6855cfa03f615ea0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c53963adf3d2f8c287339c8903e3620fe28fbc04838500e6855cfa03f615ea0.dll,#1
  2⤵
  PID:4852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 556
    3⤵
    - Program crash
    PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4852 -ip 4852
1⤵
PID:4548