d0bb5584b8cb1d0708ab11fdfb20347bcec0edf69206a0f6cbbaac3cdbf2dd8e

Analysis

max time kernel
144s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 08:38

Target

d0bb5584b8cb1d0708ab11fdfb20347bcec0edf69206a0f6cbbaac3cdbf2dd8e.dll
Size

125KB
MD5

21b54e62a4d48fbc167f81357634b835
SHA1

58e33cdba2cb9ff3a34b53cda759ac711e5a3f76
SHA256

d0bb5584b8cb1d0708ab11fdfb20347bcec0edf69206a0f6cbbaac3cdbf2dd8e
SHA512

62dfaf58010f9ae24cbc9b950c5ff2f8065902d4af50d45916a30d19e9f6f0c5eb675baede605134a83b655e41a1839ffcf3b4f6dc8e7ab2609922c100daac99
SSDEEP

1536:s5TT7amwj/m35saWRIa8KON8wX5ipE2aclOy5CB9zClM3j//PPboQQBS0o5:sc3MVWRInKONJpbcOyALzClMTnP4B+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3404	5092	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 5092	2424	rundll32.exe	79
PID 2424 wrote to memory of 5092	2424	rundll32.exe	79
PID 2424 wrote to memory of 5092	2424	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0bb5584b8cb1d0708ab11fdfb20347bcec0edf69206a0f6cbbaac3cdbf2dd8e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0bb5584b8cb1d0708ab11fdfb20347bcec0edf69206a0f6cbbaac3cdbf2dd8e.dll,#1
  2⤵
  PID:5092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 560
    3⤵
    - Program crash
    PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5092 -ip 5092
1⤵
PID:4832