e21f28c60ac336baacde62b6074ab47d69f1837d3053c81b9738742b017fa6ab

Analysis

max time kernel
174s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 12:00

Target

e21f28c60ac336baacde62b6074ab47d69f1837d3053c81b9738742b017fa6ab.dll
Size

205KB
MD5

ac6a0cb358b99f354414be23b6009748
SHA1

ed7d81405eb3b15c6e19465a25f30dcd41b96c98
SHA256

e21f28c60ac336baacde62b6074ab47d69f1837d3053c81b9738742b017fa6ab
SHA512

90b50bc7839d3000e55ee35b1a4f9f72eb48463919a67ede7eea24b70108b40e29f435825f277f460aeefdc3ddceccb4defb00494bc12e25d43eacc6ef0b2631
SSDEEP

3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUCJ5wg:0/MEfuN0t8C5oFsoeRM3o0jH

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4132 1712 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4132	1712	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2196 wrote to memory of 1712	2196	rundll32.exe	rundll32.exe
PID 2196 wrote to memory of 1712	2196	rundll32.exe	rundll32.exe
PID 2196 wrote to memory of 1712	2196	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e21f28c60ac336baacde62b6074ab47d69f1837d3053c81b9738742b017fa6ab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e21f28c60ac336baacde62b6074ab47d69f1837d3053c81b9738742b017fa6ab.dll,#1
2⤵
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 632
3⤵
- Program crash
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1712 -ip 1712
1⤵
PID:4504