754deeb42728f28dddec23877e246b60d3574056adfb6f411cf6e12e3a3e6e58

Analysis

max time kernel
281s
max time network
322s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 22:48

Target

754deeb42728f28dddec23877e246b60d3574056adfb6f411cf6e12e3a3e6e58.dll
Size

1008KB
MD5

72ad89513abc31ea78af48be9d3efbf7
SHA1

5f7d1bd7aa92da479826b1fb3bcea89525f47cb9
SHA256

754deeb42728f28dddec23877e246b60d3574056adfb6f411cf6e12e3a3e6e58
SHA512

4082f25566c5e26f5b8dbd84ada68c296c84f6f206b70a04e01426d6858401889ded1ecd372accd9fc39a738c43808931b72e7c0b69583328513b960c14ae8b0
SSDEEP

24576:tWuMGMlDviVye11hv5OCe9mXb4452xVUhpdeeTRdN:tWuMGMlQ911J5DeYrsVypdhTR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1004	3024	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 3024	804	rundll32.exe	80
PID 804 wrote to memory of 3024	804	rundll32.exe	80
PID 804 wrote to memory of 3024	804	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\754deeb42728f28dddec23877e246b60d3574056adfb6f411cf6e12e3a3e6e58.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\754deeb42728f28dddec23877e246b60d3574056adfb6f411cf6e12e3a3e6e58.dll,#1
  2⤵
  PID:3024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 652
    3⤵
    - Program crash
    PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3024 -ip 3024
1⤵
PID:1912