d1892f30dd76213ff167a4e9a55e91368d637427b88e0a2dec712d0db89abceb

Analysis

max time kernel
175s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 04:20

Target

d1892f30dd76213ff167a4e9a55e91368d637427b88e0a2dec712d0db89abceb.dll
Size

175KB
MD5

82533136747274e5b377c72ace5b0cf5
SHA1

f87a4c1b00159981a020f014210af6716df86078
SHA256

d1892f30dd76213ff167a4e9a55e91368d637427b88e0a2dec712d0db89abceb
SHA512

3ba4401d38ea933fa0db25d6cef7f812a4787789253237edd9a480413dfa49937cfe516fe625a9f28c3131a2972508d7d77a0233becbc86d938047a0129bb730
SSDEEP

3072:OQo/r4QiTG8/IuNlspCQKk9mpobZQyH8oz5EiMWbgPb/+ohLd:Do/r378wcApKobKQ8Kl9gPhL

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4696 1852 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4696	1852	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2700 wrote to memory of 1852	2700	rundll32.exe	rundll32.exe
PID 2700 wrote to memory of 1852	2700	rundll32.exe	rundll32.exe
PID 2700 wrote to memory of 1852	2700	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1892f30dd76213ff167a4e9a55e91368d637427b88e0a2dec712d0db89abceb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1892f30dd76213ff167a4e9a55e91368d637427b88e0a2dec712d0db89abceb.dll,#1
2⤵
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 612
3⤵
- Program crash
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1852 -ip 1852
1⤵
PID:3544