abb07ef5d6f22d694393e21f52e1e0450cfa72be542f49871b99b87add2decb2

Analysis

max time kernel
106s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 07:24

Target

abb07ef5d6f22d694393e21f52e1e0450cfa72be542f49871b99b87add2decb2.dll
Size

229KB
MD5

047e800a4d1e76a29ee577de315c4c56
SHA1

cd4c3b258c5bc2ef629175809fa53715bf4afa2b
SHA256

abb07ef5d6f22d694393e21f52e1e0450cfa72be542f49871b99b87add2decb2
SHA512

e55df8682e4f5887a3d9a530d354c837418f41a5c3145e0d3664bacbdfe2c0cb6aac6854f32856d041365ba7f0547c81ba4d7a7c2fd9272e4afe0e490ec866c3
SSDEEP

6144:ZQ3YyqzsstGEH1AJff8+7BCs5gzTMrandAPd:ZQCt/H10f8ergzTMrA6d

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3380	764	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 764	1144	rundll32.exe	80
PID 1144 wrote to memory of 764	1144	rundll32.exe	80
PID 1144 wrote to memory of 764	1144	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abb07ef5d6f22d694393e21f52e1e0450cfa72be542f49871b99b87add2decb2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abb07ef5d6f22d694393e21f52e1e0450cfa72be542f49871b99b87add2decb2.dll,#1
  2⤵
  PID:764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 548
    3⤵
    - Program crash
    PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 764 -ip 764
1⤵
PID:3620