2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04

Analysis

max time kernel
171s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 15:08

Target

2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll
Size

1.3MB
MD5

8a5667fea0602f8c99968ff0488e20db
SHA1

b29a8f2f1106cd21e6596d9248ec23714b016b76
SHA256

2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04
SHA512

fa54e204e045f0b82ca0e5ca57d7f5c239672c39e68783c3c224d81b74acf19a9a437523b93ccee7468424c0e5ca7592916583b732bd9caa87687af55640b4a4
SSDEEP

24576:ySuhSc+1GPFXxCWDb0OfdXAMYdj1ObWNt1y8CQ2a+YYQjb:Hm+12/DhVAnB19NKf1Qjb

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2372 3740 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2372	3740	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2288 wrote to memory of 3740	2288	rundll32.exe	rundll32.exe
PID 2288 wrote to memory of 3740	2288	rundll32.exe	rundll32.exe
PID 2288 wrote to memory of 3740	2288	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll,#1
2⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 552
3⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3740 -ip 3740
1⤵
PID:4216