3e054e67725f9dae9882faeba3af0348e9ef4402f26740b945dfe37bf1e39d3c

Analysis

max time kernel
61s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 18:17

Target

3e054e67725f9dae9882faeba3af0348e9ef4402f26740b945dfe37bf1e39d3c.dll
Size

10KB
MD5

02ac759913d6bcbcf18da2b3ec0f568b
SHA1

30f283ced8e9896f271a42025906f08eabc5effa
SHA256

3e054e67725f9dae9882faeba3af0348e9ef4402f26740b945dfe37bf1e39d3c
SHA512

53a4d05128e15d3c50770e2499bc54e5ce2b13d01507463033678a314bab4ad5f80a12b2a5489d86c05bc652620b3d3c67f6b587470416b3773a20b03676058f
SSDEEP

192:Z1mjfw8dHabRDEgzHyl0NSyFWakiP84dW3qWak8Q7dW3o9wv:Z8jhdHad/z20IyFWakC84dWaWak8cdWV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
444	1884	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 1884	3736	rundll32.exe	82
PID 3736 wrote to memory of 1884	3736	rundll32.exe	82
PID 3736 wrote to memory of 1884	3736	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e054e67725f9dae9882faeba3af0348e9ef4402f26740b945dfe37bf1e39d3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e054e67725f9dae9882faeba3af0348e9ef4402f26740b945dfe37bf1e39d3c.dll,#1
  2⤵
  PID:1884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 544
    3⤵
    - Program crash
    PID:444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1884 -ip 1884
1⤵
PID:384

memory/1884-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download
memory/1884-134-0x000000006DD20000-0x000000006DD27000-memory.dmp

Filesize
28KB

Download