b114b077bfcf9799a1ba7721fb2aee2521da44c34ac59e29ab6835c8a9d6c957

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 07:41

Target

b114b077bfcf9799a1ba7721fb2aee2521da44c34ac59e29ab6835c8a9d6c957.dll
Size

43KB
MD5

2edfbf9a94fc604b9c2eae60ae0e7ee4
SHA1

b66979a8c57486475c18ff297fae59552916f9ac
SHA256

b114b077bfcf9799a1ba7721fb2aee2521da44c34ac59e29ab6835c8a9d6c957
SHA512

2a6a5f32122682adc28db6cf3f264c6a535ee8d28d24130ee657fa2e78969be5a28a91671c070578c66c963f8d5d93742b63db4ff23845f1f70f77b2bd4944be
SSDEEP

768:uTIm/EZT1+jf+T2aHWUhB23NQ6Efj1hyL9rK8odPrRIFpo9G+C:s/EZT1+KiaHWUPUQ6E5ML93odPrSHoM+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4032	1472	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 1472	976	rundll32.exe	82
PID 976 wrote to memory of 1472	976	rundll32.exe	82
PID 976 wrote to memory of 1472	976	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b114b077bfcf9799a1ba7721fb2aee2521da44c34ac59e29ab6835c8a9d6c957.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b114b077bfcf9799a1ba7721fb2aee2521da44c34ac59e29ab6835c8a9d6c957.dll,#1
  2⤵
  PID:1472
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 560
    3⤵
    - Program crash
    PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1472 -ip 1472
1⤵
PID:4512