6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a

Analysis

max time kernel
194s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 03:53

Target

6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a.dll
Size

560KB
MD5

0a5113eb522356640a2a99c22b6f6c72
SHA1

c956dcf0e01b0163738178c86ece82f135101759
SHA256

6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a
SHA512

d883b39f20e11d232e4af0725b81f297db23efb891128f2fd5983bab9068c9a120caa2c45638c9574858f076e3345a7e8548f66f5a0daf2f9abf45b3405b0a60
SSDEEP

12288:IiY0EJ5OYJ/b+jM+j2TAb7z/gAJQjqpdBvA:XY0wpF+A+/gkQjqfBv

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4540 4240 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4540	4240	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2956 wrote to memory of 4240	2956	rundll32.exe	rundll32.exe
PID 2956 wrote to memory of 4240	2956	rundll32.exe	rundll32.exe
PID 2956 wrote to memory of 4240	2956	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2956

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a.dll,#1
2⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 848
3⤵
- Program crash
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4240 -ip 4240
1⤵
PID:2940