0c3a95404cad700b5be7e31699546d2021d094ff0c9f85283976c0411221ceda

Analysis

max time kernel
160s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 14:20

Target

0c3a95404cad700b5be7e31699546d2021d094ff0c9f85283976c0411221ceda.dll
Size

100KB
MD5

0e5600f88476d666ba88e763be96bd25
SHA1

993fe47d0d77d6548219a8f59eb9b8e6b569c14c
SHA256

0c3a95404cad700b5be7e31699546d2021d094ff0c9f85283976c0411221ceda
SHA512

d22e5ae7c53dfe20d51f5a67603c0aa43e62a25c516f4418a6b87bc842658bd435219fe95d409cea9173d91273147a5d5475c7bcb82319c0a26046ba2e014360
SSDEEP

3072:xT9AZR+H6+zneDtHIpFUn6JvaHE6eEFNm:HQRE6ODF46JCj/F8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4204	2256	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 2256	4876	rundll32.exe	80
PID 4876 wrote to memory of 2256	4876	rundll32.exe	80
PID 4876 wrote to memory of 2256	4876	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c3a95404cad700b5be7e31699546d2021d094ff0c9f85283976c0411221ceda.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c3a95404cad700b5be7e31699546d2021d094ff0c9f85283976c0411221ceda.dll,#1
  2⤵
  PID:2256
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 616
    3⤵
    - Program crash
    PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2256 -ip 2256
1⤵
PID:3600