d87cdc026ec42e69715e0d309702c10acef6a75f1c0e86612dfe273208d1d1e3

Analysis

max time kernel
152s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 11:01

Target

d87cdc026ec42e69715e0d309702c10acef6a75f1c0e86612dfe273208d1d1e3.dll
Size

120KB
MD5

eb3071ed7c4cf145c392f5b0eea70070
SHA1

d2f026b0ee29b8f9d48a5ebef45570721b50a4d1
SHA256

d87cdc026ec42e69715e0d309702c10acef6a75f1c0e86612dfe273208d1d1e3
SHA512

c3405fd7773b4529b913648ffd71cbeb0df0d2df047fb2a2220bcc9af9958056896596bfe79ec11be4477cc467f0f4f08b1526dfbddb037318fd1def1d0c1b71
SSDEEP

3072:QhlCoOHODSCnaJEYv0eWqe0HAlLcgCwy4SrvmHmKL33:QhlCo4O+KaJEY0efgCUTmY3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2604	32	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 32	2792	rundll32.exe	83
PID 2792 wrote to memory of 32	2792	rundll32.exe	83
PID 2792 wrote to memory of 32	2792	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d87cdc026ec42e69715e0d309702c10acef6a75f1c0e86612dfe273208d1d1e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d87cdc026ec42e69715e0d309702c10acef6a75f1c0e86612dfe273208d1d1e3.dll,#1
  2⤵
  PID:32
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 32 -s 560
    3⤵
    - Program crash
    PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 32 -ip 32
1⤵
PID:2188

memory/32-133-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download