d538cc9ca79b7616f6d5406573c24e65c4194e18a215a67d28d41d797289b83c

Analysis

max time kernel
139s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:00

Target

d538cc9ca79b7616f6d5406573c24e65c4194e18a215a67d28d41d797289b83c.dll
Size

139KB
MD5

45e207442905e55d931e68c95358cbfa
SHA1

bfe509ff0a47967fb5b0f483930867fe1fbbf855
SHA256

d538cc9ca79b7616f6d5406573c24e65c4194e18a215a67d28d41d797289b83c
SHA512

648fdeb2e2f70627779964bd2a5774ee849354e021641c767249642e33ba81bd9a910d9461e1ce0cebd490ef462b347cf35266c614df895514c816a9efb72653
SSDEEP

3072:IyUx+PbETcgqhevEUZjsCp7rB0GhTQhl5VjnUGsdg04ujOEmMrtJd2Jm/ie1j:IiEVu4B0GhTQh71sC0vjeM9

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1164 868 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1164	868	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2112 wrote to memory of 868	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 868	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 868	2112	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d538cc9ca79b7616f6d5406573c24e65c4194e18a215a67d28d41d797289b83c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d538cc9ca79b7616f6d5406573c24e65c4194e18a215a67d28d41d797289b83c.dll,#1
2⤵
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 592
3⤵
- Program crash
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 868 -ip 868
1⤵
PID:820