ae9e87b563e78e72f23c63ea591cb83f866718021c383362b480673db928231c

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2022, 00:27

Target

ae9e87b563e78e72f23c63ea591cb83f866718021c383362b480673db928231c.dll
Size

208KB
MD5

32b13fd3bdffc480cc3e39d66b5ee4ac
SHA1

05008848aff7a3451804bf026e7add2b3f34fe25
SHA256

ae9e87b563e78e72f23c63ea591cb83f866718021c383362b480673db928231c
SHA512

6c454528b91c6ca62ca345221d21cf32510adc5b1fdfc96f151dbfe7b1c14f07bf048532748264e63b606248b5bc4c0e7bba99ed72120d2b0f75469e596c60f8
SSDEEP

3072:MUhh8K3JTFYEXos6hgf4u6UT1uAcgeZJq2/qQ5aK7po+7gGE:M8h80h5X/j6UUAcgebq2/Z5aKN7R

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4908	2824	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 2824	1092	rundll32.exe	81
PID 1092 wrote to memory of 2824	1092	rundll32.exe	81
PID 1092 wrote to memory of 2824	1092	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae9e87b563e78e72f23c63ea591cb83f866718021c383362b480673db928231c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae9e87b563e78e72f23c63ea591cb83f866718021c383362b480673db928231c.dll,#1
  2⤵
  PID:2824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 600
    3⤵
    - Program crash
    PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2824 -ip 2824
1⤵
PID:5008