861a52c434229d5f097914d766633afb2188bf479d0acfe12f3fa3cdc90fe583

Analysis

max time kernel
176s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 01:49

Target

861a52c434229d5f097914d766633afb2188bf479d0acfe12f3fa3cdc90fe583.dll
Size

18KB
MD5

480377d92c5e8b3ff0abc0876a83e413
SHA1

42a13bd60951b80aeff8cf95e4d0257e958aa5c6
SHA256

861a52c434229d5f097914d766633afb2188bf479d0acfe12f3fa3cdc90fe583
SHA512

3481be4445a1f9825f48aec256aa02eace7f77239ebbf374065dd3c9c4b4911eec9a0637cce1591a8ef3ec579f78ac4ffdbc2f82aa8522760ff03ac693f80530
SSDEEP

384:do+FclxrTZvqs43n/o5IxARYNywoyY0SVQKOKN27:JFcrrTZrkARYqGKNw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
888	1372	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3488 wrote to memory of 1372	3488	rundll32.exe	82
PID 3488 wrote to memory of 1372	3488	rundll32.exe	82
PID 3488 wrote to memory of 1372	3488	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\861a52c434229d5f097914d766633afb2188bf479d0acfe12f3fa3cdc90fe583.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\861a52c434229d5f097914d766633afb2188bf479d0acfe12f3fa3cdc90fe583.dll,#1
  2⤵
  PID:1372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 584
    3⤵
    - Program crash
    PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1372 -ip 1372
1⤵
PID:1340