6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00

Analysis

max time kernel
203s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 03:35

Target

6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00.dll
Size

276KB
MD5

00a7a8251c125ecd85d9dd82ca96cf83
SHA1

b7e5623d2dcf86a9004daf656edd4f27a07e05b1
SHA256

6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00
SHA512

05be7ae3a4d6d40288fdff08a730acc0cb76c70a747a60231abcf51da7e4988d6e6dbf133c148244fd0e05e2c9dec8ba732fc0b4ca60624b00b0cadb835a0d30
SSDEEP

6144:dOSjIXo9jPDv5eisvDs8W7s9ZuJrUO//oOqzTzlUK/zNFe5kQn:k549zDUis7s8W7GYAOqWAMiQ

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4140 4388 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4140	4388	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4544 wrote to memory of 4388	4544	rundll32.exe	rundll32.exe
PID 4544 wrote to memory of 4388	4544	rundll32.exe	rundll32.exe
PID 4544 wrote to memory of 4388	4544	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4544

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00.dll,#1
2⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 572
3⤵
- Program crash
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4388 -ip 4388
1⤵
PID:220

memory/4388-132-0x0000000000000000-mapping.dmp

Download
memory/4388-133-0x00000000736D0000-0x000000007371C000-memory.dmp

Filesize
304KB

Download