b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 11:04

Target

b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981.dll
Size

772KB
MD5

0687d7f1373c2034b6c1bfb9be0e39a0
SHA1

23c72c95325609a18c15236bbdaf0eccdfa5a3d2
SHA256

b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981
SHA512

edb4bd1fec0bf718e600ac4ff76527435622c0b35c440a184a8b75030be9e0ad09f8ebdec3e8d17ef209b750c8b8b8effa2bc0c6478b41fcf61f92d4b444af27
SSDEEP

12288:CX2TZnynE03rJ54VHl0eitSnZBx0YYJnJopQ4XnM3Xn:CX2T9mrCkAXrAWuTX

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1164	3532	WerFault.exe	81
520	3532	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 3532	1508	rundll32.exe	81
PID 1508 wrote to memory of 3532	1508	rundll32.exe	81
PID 1508 wrote to memory of 3532	1508	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981.dll,#1
  2⤵
  PID:3532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 600
    3⤵
    - Program crash
    PID:1164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 608
    3⤵
    - Program crash
    PID:520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3532 -ip 3532
1⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3532 -ip 3532
1⤵
PID:2976