dfcd3273088e4d1b2a578ea1fc9f91d17275dee4cea2113ecb9ef2c831ad8fa2

Analysis

max time kernel
257s
max time network
288s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 21:23

Target

dfcd3273088e4d1b2a578ea1fc9f91d17275dee4cea2113ecb9ef2c831ad8fa2.dll
Size

332KB
MD5

4ba75b9d52ac20f80ecc686d7154fa7b
SHA1

f2d1e6d39893239135134cf6e8cf63a7ca6147d6
SHA256

dfcd3273088e4d1b2a578ea1fc9f91d17275dee4cea2113ecb9ef2c831ad8fa2
SHA512

73233893abe9c4e848c1adc6f5ff8f69f04d4016089b9f925b0631069e134584ed77ffd7145403f232821a58d802f9fdc264d6d0b48232f0db45809fd8999aac
SSDEEP

6144:lF3U1rAREK1XqQPR9d6rDrJt2RkQ6PT2CCcXt1PQ:lhYgXqQnd6rDr+Rx6b2CZL4

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4808 4776 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4808	4776	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2492 wrote to memory of 4776	2492	rundll32.exe	rundll32.exe
PID 2492 wrote to memory of 4776	2492	rundll32.exe	rundll32.exe
PID 2492 wrote to memory of 4776	2492	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfcd3273088e4d1b2a578ea1fc9f91d17275dee4cea2113ecb9ef2c831ad8fa2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2492

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfcd3273088e4d1b2a578ea1fc9f91d17275dee4cea2113ecb9ef2c831ad8fa2.dll,#1
2⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 580
3⤵
- Program crash
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4776 -ip 4776
1⤵
PID:3420