ac5701ef99ef7ad875310d132960c441e8106063abac6e9ca235e2e37c122530

Analysis

max time kernel
135s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/11/2022, 23:29

Target

ac5701ef99ef7ad875310d132960c441e8106063abac6e9ca235e2e37c122530.dll
Size

71KB
MD5

9ce25691ce559980ade5651b2a65b330
SHA1

d86156d31076b33b6ab235def33d4196985ad302
SHA256

ac5701ef99ef7ad875310d132960c441e8106063abac6e9ca235e2e37c122530
SHA512

76a668942db5da5c5c3032dbe8bcaa41130b01eaba82be1f5bb6121af78116addf4197401fc574b198bfc23ae352c745f01b024d2bf1ad96911dd76b9f636f4f
SSDEEP

1536:amI4Obh6tF/Cy9dzUtQlbC3bLFsXCA3CLebD:amIRb8tdHzUtQMLzL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4572	920	WerFault.exe	76

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 920	4228	rundll32.exe	76
PID 4228 wrote to memory of 920	4228	rundll32.exe	76
PID 4228 wrote to memory of 920	4228	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac5701ef99ef7ad875310d132960c441e8106063abac6e9ca235e2e37c122530.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac5701ef99ef7ad875310d132960c441e8106063abac6e9ca235e2e37c122530.dll,#1
  2⤵
  PID:920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 540
    3⤵
    - Program crash
    PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 920 -ip 920
1⤵
PID:3068

memory/920-133-0x0000000075790000-0x00000000757D0000-memory.dmp

Filesize
256KB

Download