a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45

Analysis

max time kernel
190s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:25

Target

a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45.exe
Size

1.0MB
MD5

fa2a659cad814b52712b6a6da9cb2bdd
SHA1

35727a7a482ce7a0195ae029be8e27483d4fe6ab
SHA256

a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45
SHA512

d471d7617deb3b0e3554b315bcca47278d01dd99a46cf0d78c85e140c725db3a1936e209dbc990e73e6708447e6cfe0e6eac5761ffb39363591d1d37e316c963
SSDEEP

24576:6cl06aqhM1G7uKk3tUMNbCf2u46R10pcbK8SS:6Iyqyg7GUTB1mc9S

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

rundll32.exe

pid process

1552 rundll32.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

212 2720 WerFault.exe a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45.exe

pid	process
1552	rundll32.exe

pid	pid_target	process	target process
212	2720	WerFault.exe	a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45.exe

description	pid	process	target process
PID 2720 wrote to memory of 1552	2720	a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45.exe	rundll32.exe
PID 2720 wrote to memory of 1552	2720	a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45.exe	rundll32.exe
PID 2720 wrote to memory of 1552	2720	a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45.exe	rundll32.exe

C:\Users\Admin\AppData\Local\Temp\a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45.exe
"C:\Users\Admin\AppData\Local\Temp\a24f5e85bee0d0f377bbd985eaf2618e676bc7528cf1a3746f3e54f7953aee45.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2720

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\Uayqupoehp.tmp",Rrptfe
2⤵
- Loads dropped DLL
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 528
2⤵
- Program crash
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2720 -ip 2720
1⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\Uayqupoehp.tmp
Filesize
774KB

MD5
d5e88f35e214f2dff51a7d494316bac2

SHA1
6306dfa71c4e32dede210631cf90732693c0afcf

SHA256
f1828a7b26be78bb27df25b98762eb7dd7e49ee8582d5eee42ded05b0eebc1e4

SHA512
ff167f0379173f976e3f91f41f6c88e67b12dfb0386b66d19f78d3aa3f11534cf2ce1c1d753ada0133cf291adca7ad8367087b791a5c05eaf371dd877ebcce1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uayqupoehp.tmp
Filesize
774KB

MD5
d5e88f35e214f2dff51a7d494316bac2

SHA1
6306dfa71c4e32dede210631cf90732693c0afcf

SHA256
f1828a7b26be78bb27df25b98762eb7dd7e49ee8582d5eee42ded05b0eebc1e4

SHA512
ff167f0379173f976e3f91f41f6c88e67b12dfb0386b66d19f78d3aa3f11534cf2ce1c1d753ada0133cf291adca7ad8367087b791a5c05eaf371dd877ebcce1d

Download Submit
memory/1552-134-0x0000000000000000-mapping.dmp

Download
memory/2720-132-0x000000000247C000-0x000000000255E000-memory.dmp

Filesize
904KB

Download
memory/2720-135-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2720-133-0x0000000002650000-0x0000000002775000-memory.dmp

Filesize
1.1MB

Download
memory/2720-138-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download