1014b41fe4f40af29b5f9ef195ab9b5a1ff4ac9a8bfe693a75930cb78443d51b

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2022 13:26

Target

608-58-0x00000000002F0000-0x000000000031A000-memory.dll
Size

168KB
MD5

de6a538e416174d1224990910fb7c7da
SHA1

c88864d1a28eb3117817212bd6222fa81b3b3bb7
SHA256

1014b41fe4f40af29b5f9ef195ab9b5a1ff4ac9a8bfe693a75930cb78443d51b
SHA512

f58e082bbf0400d107ab78ca99c1a9e5e4cc191661b437e1661f744b91032c9bbd3746235aa16f7597736e065264a7df22f17a410bb2382c57f8a675155da172
SSDEEP

3072:+4+TH0hC1UsfeEPEWouv3AGJfJNKsTBfd4va83Q2O/yaa:rh8jGKEWoWwGJhNKsTBVz83Q5/S

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4932 2292 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4932	2292	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1656 wrote to memory of 2292	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 2292	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 2292	1656	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\608-58-0x00000000002F0000-0x000000000031A000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\608-58-0x00000000002F0000-0x000000000031A000-memory.dll,#1
2⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 560
3⤵
- Program crash
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2292 -ip 2292
1⤵
PID:5016