5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf

Analysis

max time kernel
141s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 21:08

Target

5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf.dll
Size

88KB
MD5

4528e9aee524c24efb3f2d9c5cb19ee0
SHA1

df22938b123cab52fc7ae620f4e96b72d4fd2fed
SHA256

5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf
SHA512

f6b4827e9c4d45c17d7335153d591694d05ce873fadbf218814c3d3c8265010a69b3dd83ba7783880acccfd6eaf60c5e207b43ac6475a43e26b6771f5aa4d26d
SSDEEP

1536:j8CVk36NSfl//GRUiRCQKORgoGZ1apKCjNhq0i5vWMCsXR9S2:jlVhI9//GJRCQKOnOophq0/ont

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1096 wrote to memory of 4772	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 4772	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 4772	1096	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf.dll,#1
2⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4772 -ip 4772
1⤵
PID:372

memory/4772-132-0x0000000000000000-mapping.dmp

Download
memory/4772-133-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download