3c2758d0a6a9c7b7a096879a30ab689435af1bc5305e4425591224aaba241a36

Analysis

max time kernel
92s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 09:42

Target

3c2758d0a6a9c7b7a096879a30ab689435af1bc5305e4425591224aaba241a36.dll
Size

499KB
MD5

490b0ab208bdffd262d5e71bd4e6ddc0
SHA1

25fa2528d4483e42e1b4fb1f7f6ffadf4f8500b7
SHA256

3c2758d0a6a9c7b7a096879a30ab689435af1bc5305e4425591224aaba241a36
SHA512

61d8faf4ec51535e87fd8a2553ce90ed2489ef885ad81c7d90f20912b8acd792643184e901635772d1239197b109052f77176d078d7437e18c75350fe2761a3d
SSDEEP

12288:9raOSmnITzNYUHwhy/qoPSus96Mb/ri6ehjou5VW8pr8Wd:JaOSxTpXwcJPUkkDiblpBpr8W

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4992	3796	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 3796	4584	rundll32.exe	79
PID 4584 wrote to memory of 3796	4584	rundll32.exe	79
PID 4584 wrote to memory of 3796	4584	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2758d0a6a9c7b7a096879a30ab689435af1bc5305e4425591224aaba241a36.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2758d0a6a9c7b7a096879a30ab689435af1bc5305e4425591224aaba241a36.dll,#1
  2⤵
  PID:3796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 576
    3⤵
    - Program crash
    PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3796 -ip 3796
1⤵
PID:2484