3353e3ae240815f8c79c02cc1c5994d1243479b079dcfbbbcb5d137301330ebe

Analysis

max time kernel
90s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 12:55

Target

3353e3ae240815f8c79c02cc1c5994d1243479b079dcfbbbcb5d137301330ebe.dll
Size

924KB
MD5

a96a531bedd0ae3512c9faa6b02c17a0
SHA1

e4666f2ef2b9bf6e42d4dcb04cb491ae92d38a65
SHA256

3353e3ae240815f8c79c02cc1c5994d1243479b079dcfbbbcb5d137301330ebe
SHA512

aea394d4e914ce8defe175056bd1e2835f947ff6f612f7b7da8fb47fdca4ab51412c4c0b875a56b9e50beed58c7254b89c90dd8d0ee4ee6c567cd82f11ed1e8b
SSDEEP

12288:Wvmr+ifYkI6l0eCkiphuiDKFPqyXs2IToAs8XhSvKmm:Wvmp7ykmCNqyXsxj7Rxmm

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4904	2536	WerFault.exe	81
4168	2536	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 2536	5064	rundll32.exe	81
PID 5064 wrote to memory of 2536	5064	rundll32.exe	81
PID 5064 wrote to memory of 2536	5064	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3353e3ae240815f8c79c02cc1c5994d1243479b079dcfbbbcb5d137301330ebe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3353e3ae240815f8c79c02cc1c5994d1243479b079dcfbbbcb5d137301330ebe.dll,#1
  2⤵
  PID:2536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 640
    3⤵
    - Program crash
    PID:4904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 668
    3⤵
    - Program crash
    PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2536 -ip 2536
1⤵
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 2536 -ip 2536
1⤵
PID:4936