d1b7649c33f46f179d59ba5045c2e40fb113a77fb924e291722f25af05567301

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:08

Target

d1b7649c33f46f179d59ba5045c2e40fb113a77fb924e291722f25af05567301.dll
Size

282KB
MD5

5047e5817a1d234529ca75027701b9fc
SHA1

3604f287897f25c89f3ddb8fed58d1c66c9b26fc
SHA256

d1b7649c33f46f179d59ba5045c2e40fb113a77fb924e291722f25af05567301
SHA512

095eda82365e94a067fb7dcf6feac88ec195573c76235671b88413baf6eda6902fdf6d71b9e25d134d05c616af502d5e2f75b220383239c86021c95b901c21b0
SSDEEP

6144:kb0mSpj+H2DcQxrmh1JwVTQmMilTOG77egRNQhxmTCC8UnCshJGDQW411g:U5gG12VTQmMiRnfO8rjhJGqg

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4884 2120 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4884	2120	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1052 wrote to memory of 2120	1052	rundll32.exe	rundll32.exe
PID 1052 wrote to memory of 2120	1052	rundll32.exe	rundll32.exe
PID 1052 wrote to memory of 2120	1052	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1b7649c33f46f179d59ba5045c2e40fb113a77fb924e291722f25af05567301.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1052

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1b7649c33f46f179d59ba5045c2e40fb113a77fb924e291722f25af05567301.dll,#1
2⤵
PID:2120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 544
3⤵
- Program crash
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2120 -ip 2120
1⤵
PID:4940

memory/2120-132-0x0000000000000000-mapping.dmp

Download
memory/2120-133-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download