e04db714ba337f3014e99e29b403fec901b0224c91ac460b91c25efa21edf5cf

Analysis

max time kernel
252s
max time network
330s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:09

Target

e04db714ba337f3014e99e29b403fec901b0224c91ac460b91c25efa21edf5cf.dll
Size

107KB
MD5

7ed12a1967dddf3ead9bec61af4b4d46
SHA1

5b0b1cce66f77b56e99141287b4147cb1679e28e
SHA256

e04db714ba337f3014e99e29b403fec901b0224c91ac460b91c25efa21edf5cf
SHA512

2e16416865479db3630c04606e3b233cedb4081b9b2bf42c62e6e172787141c6f1b6234fd79e2cbc084bb2d8342cb2fe5f38f21af12c2828bee0fd759b956f53
SSDEEP

3072:uRh1Q+Ty0iVMBsrsu34kZa9IJn3G6fjKg0j0wuusA:uRhvSUX2Jn3G6KgMs

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2476 784 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2476	784	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4852 wrote to memory of 784	4852	rundll32.exe	rundll32.exe
PID 4852 wrote to memory of 784	4852	rundll32.exe	rundll32.exe
PID 4852 wrote to memory of 784	4852	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e04db714ba337f3014e99e29b403fec901b0224c91ac460b91c25efa21edf5cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4852

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e04db714ba337f3014e99e29b403fec901b0224c91ac460b91c25efa21edf5cf.dll,#1
2⤵
PID:784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 624
3⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 784 -ip 784
1⤵
PID:1892

memory/784-132-0x0000000000000000-mapping.dmp

Download
memory/784-133-0x0000000000C90000-0x0000000000C9F000-memory.dmp

Filesize
60KB

Download
memory/784-134-0x0000000000C90000-0x0000000000C9F000-memory.dmp

Filesize
60KB

Download
memory/784-135-0x00000000026C0000-0x00000000026DE000-memory.dmp

Filesize
120KB

Download
memory/784-139-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/784-140-0x0000000000C90000-0x0000000000C9F000-memory.dmp

Filesize
60KB

Download