e2322792ab5eea5d15fa8fd93d678011b5e2f86f900bc1984426fae65fd0312d

Analysis

max time kernel
161s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:52

Target

e2322792ab5eea5d15fa8fd93d678011b5e2f86f900bc1984426fae65fd0312d.dll
Size

125KB
MD5

d6afcc38961ab7026659e35e2d0380c9
SHA1

70b0bd636e8c6e765c2934324fcf80e2185f70fd
SHA256

e2322792ab5eea5d15fa8fd93d678011b5e2f86f900bc1984426fae65fd0312d
SHA512

71752f117338ea56f7c3bf0aa1a909634ea1e0106455cfb6a7e506e2b3d3b0a35bb0ac41109b137465c62677121bcf9eaa5f9895c562719c6e9117f845a6edf1
SSDEEP

3072:+87W1UF4p07RA1a2C/s9LTpIqrzZjLGI3u:+8CE4C7Aa2CiLTpI6G

Score

3^/10

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

3976 1872 WerFault.exe rundll32.exe
2120 1872 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3976	1872	WerFault.exe	rundll32.exe
2120	1872	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 4264 wrote to memory of 1872	4264	rundll32.exe	rundll32.exe
PID 4264 wrote to memory of 1872	4264	rundll32.exe	rundll32.exe
PID 4264 wrote to memory of 1872	4264	rundll32.exe	rundll32.exe
PID 1872 wrote to memory of 3976	1872	rundll32.exe	WerFault.exe
PID 1872 wrote to memory of 3976	1872	rundll32.exe	WerFault.exe
PID 1872 wrote to memory of 3976	1872	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2322792ab5eea5d15fa8fd93d678011b5e2f86f900bc1984426fae65fd0312d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4264

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2322792ab5eea5d15fa8fd93d678011b5e2f86f900bc1984426fae65fd0312d.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 616
3⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 616
3⤵
- Program crash
PID:2120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1872 -ip 1872
1⤵
PID:3164

memory/1872-132-0x0000000000000000-mapping.dmp

Download
memory/1872-133-0x00000000010F0000-0x0000000001103000-memory.dmp

Filesize
76KB

Download
memory/1872-134-0x0000000002BE0000-0x0000000002C02000-memory.dmp

Filesize
136KB

Download
memory/1872-138-0x00000000010F0000-0x0000000001103000-memory.dmp

Filesize
76KB

Download
memory/3976-139-0x0000000000000000-mapping.dmp

Download