b961675ee03d01e73d407dff539d68aa87cbe16bcde4c88acc628de662c3efa3

Analysis

max time kernel
153s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 21:11

Target

b961675ee03d01e73d407dff539d68aa87cbe16bcde4c88acc628de662c3efa3.dll
Size

348KB
MD5

43eb0861ad7bcc0c80786d1562ab1009
SHA1

a225f3865893596e5c982a312aae4c251f626540
SHA256

b961675ee03d01e73d407dff539d68aa87cbe16bcde4c88acc628de662c3efa3
SHA512

83592aa097a8a7005077966fd7278297e8c839a7af78199ebf189be59a69d22ccac06289967b923dfc0b077cceddb6eb378903a785c25e7e205d68fe2650db5d
SSDEEP

6144:3Z2WedUQ+3juk2rQyBI/Msz1UolMyfhtVV3eHLj5nUhFc9GMYB8D:0ndc0QwcMszFlMyfnuHPpUXc95YB8D

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3544 1936 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3544	1936	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4356 wrote to memory of 1936	4356	rundll32.exe	rundll32.exe
PID 4356 wrote to memory of 1936	4356	rundll32.exe	rundll32.exe
PID 4356 wrote to memory of 1936	4356	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b961675ee03d01e73d407dff539d68aa87cbe16bcde4c88acc628de662c3efa3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4356

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b961675ee03d01e73d407dff539d68aa87cbe16bcde4c88acc628de662c3efa3.dll,#1
2⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 560
3⤵
- Program crash
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1936 -ip 1936
1⤵
PID:3220