2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988

Analysis

max time kernel
177s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 06:24

Target

2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988.dll
Size

763KB
MD5

d5a01e812ecec2ec265784eace378d68
SHA1

bc195bf2b2790a2761a97c65fba056891378c3d3
SHA256

2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988
SHA512

2e945e83fefb302f8dfb5896a1433618be8b01072845daaa3804384655854c19c3c49a59c2ba6a25aae239c50da667ba04d933355d8d0ea454a97de3a18ea868
SSDEEP

12288:IdP0lUmNIvvhscM75sH5SBT20ed9N/5iiQQdxGjQ/gXi7kVwoGONANbmmnvKXR3e:IdclUmNIvvhscMtsKT20edr5iiQQdxGg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1924	2036	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 2036	4952	rundll32.exe	81
PID 4952 wrote to memory of 2036	4952	rundll32.exe	81
PID 4952 wrote to memory of 2036	4952	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2435508944f3b66d060d12bf9a41fb8721af553b84c9b53e31c2008daf0cc988.dll,#1
  2⤵
  PID:2036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 624
    3⤵
    - Program crash
    PID:1924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2036 -ip 2036
1⤵
PID:1400

memory/2036-133-0x0000000075040000-0x0000000075104000-memory.dmp

Filesize
784KB

Download