a5e08cc93ae7c95e93eea050b25f64d6bcbdd222ec6a49567484ee5fe4413cc9

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 20:49

Target

a5e08cc93ae7c95e93eea050b25f64d6bcbdd222ec6a49567484ee5fe4413cc9.dll
Size

712KB
MD5

ed57cc71de7f4e3b9d3869f7302e6937
SHA1

3cf31e95112eaf3a17b842d0e795170944bacadd
SHA256

a5e08cc93ae7c95e93eea050b25f64d6bcbdd222ec6a49567484ee5fe4413cc9
SHA512

dc3efa076ac92cf1814833028efbbd1bf1145795d308cf730bb73db0cbb456be1d1fbd0ced28f169776b3ddd583cf33211d9eeb52967070df25204a39e824111
SSDEEP

6144:vN8NKBdB5PsFSvJL3R0qfdKWXT4VXIoKkDc2K7eIXgttBC73oH9spFfjJd3:vNEKp5HrR0qfdNd15ehttBC732af73

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1920	2244	WerFault.exe	80

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2244	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2244	2088	rundll32.exe	80
PID 2088 wrote to memory of 2244	2088	rundll32.exe	80
PID 2088 wrote to memory of 2244	2088	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5e08cc93ae7c95e93eea050b25f64d6bcbdd222ec6a49567484ee5fe4413cc9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5e08cc93ae7c95e93eea050b25f64d6bcbdd222ec6a49567484ee5fe4413cc9.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2244
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 692
    3⤵
    - Program crash
    PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2244 -ip 2244
1⤵
PID:388