7a6b3debef45178d9f5439097a0842229e07497505a103bea49187cb6a913533

Analysis

max time kernel
137s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:55

Target

7a6b3debef45178d9f5439097a0842229e07497505a103bea49187cb6a913533.dll
Size

424KB
MD5

b00765f779f1d5435f4c52d560834617
SHA1

444fe4cabde96f54aa2e260d51478762541ee6e5
SHA256

7a6b3debef45178d9f5439097a0842229e07497505a103bea49187cb6a913533
SHA512

403e2fa8f5d85793a9399d7998d6269b1a64e1bf566e9bfcd09c25281e51ab3d80fb2f64e9a5cfa4e0b2724ce8d1d46046b224d5d4bc786d01c1fb6d77c4ffed
SSDEEP

6144:vopn97RMgON8vFK95OvZ6f32bPvcQWdmTqmNqthPBbt5a2gKh65wcl4crqg:voDlwN8vw5OumbPvqdHhpt5a2Vsd48q

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1188 1124 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1188	1124	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1028 wrote to memory of 1124	1028	rundll32.exe	rundll32.exe
PID 1028 wrote to memory of 1124	1028	rundll32.exe	rundll32.exe
PID 1028 wrote to memory of 1124	1028	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a6b3debef45178d9f5439097a0842229e07497505a103bea49187cb6a913533.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1028

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a6b3debef45178d9f5439097a0842229e07497505a103bea49187cb6a913533.dll,#1
2⤵
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 584
3⤵
- Program crash
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1124 -ip 1124
1⤵
PID:3912