3ad1831b1133d12a11db0c73e794d94791c6899a28c7642e1446e9300c41ca9d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 20:21

Target

3ad1831b1133d12a11db0c73e794d94791c6899a28c7642e1446e9300c41ca9d.dll
Size

236KB
MD5

0c1539b53e575a789643a810868df4fc
SHA1

24c465bc2980ac051c96f36d173b314ca2119f7d
SHA256

3ad1831b1133d12a11db0c73e794d94791c6899a28c7642e1446e9300c41ca9d
SHA512

4f9e2ba5f17d111f0af5ee0eaad9aa3b9da547d1d1096c0f0c885986fa1e14f78bc809f89767ff7373ab59ee42b6f92555b83818f3a7bce4236c2b2d56df60db
SSDEEP

3072:5TI70eIjarZazJ5sO/wJDELva0lcsTzWJfupGzgTRHZjwUuJKA6ePt:e70+Z2yO/mEbEM6JWEzyZZkU25

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4316	4888	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 4888	4632	rundll32.exe	82
PID 4632 wrote to memory of 4888	4632	rundll32.exe	82
PID 4632 wrote to memory of 4888	4632	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ad1831b1133d12a11db0c73e794d94791c6899a28c7642e1446e9300c41ca9d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ad1831b1133d12a11db0c73e794d94791c6899a28c7642e1446e9300c41ca9d.dll,#1
  2⤵
  PID:4888
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 556
    3⤵
    - Program crash
    PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4888 -ip 4888
1⤵
PID:4840