258a9a45189300657c9d7ae4bfa19381b1a8afb262c9c93554ef53f2a1af9281

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:41

Target

258a9a45189300657c9d7ae4bfa19381b1a8afb262c9c93554ef53f2a1af9281.dll
Size

172KB
MD5

3598e834525fb8996e3107a13eeb129b
SHA1

75861055d90861e1182ca22aa3a306f1fcaa8439
SHA256

258a9a45189300657c9d7ae4bfa19381b1a8afb262c9c93554ef53f2a1af9281
SHA512

2b85351ecc1aa449b53c727da3f9fb0aa71d40efb9bc4f55b8aa0e6b308f489771378dd681181f6f0222655e65725a1c252c60a5ef3988da527368ea3dc54efc
SSDEEP

3072:TUj9pz1thi8FgocXWj0VOpb565oXEfF2Kpfu+ni7rsaImVDYdVw4:wbYhocXWjYk5H0YArYgp/

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4384 1336 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4384	1336	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4996 wrote to memory of 1336	4996	rundll32.exe	rundll32.exe
PID 4996 wrote to memory of 1336	4996	rundll32.exe	rundll32.exe
PID 4996 wrote to memory of 1336	4996	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\258a9a45189300657c9d7ae4bfa19381b1a8afb262c9c93554ef53f2a1af9281.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\258a9a45189300657c9d7ae4bfa19381b1a8afb262c9c93554ef53f2a1af9281.dll,#1
  2⤵
  PID:1336
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 552
    3⤵
    - Program crash
    PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1336 -ip 1336
1⤵
PID:5024