75476fc17d13474b07bee8b665e0a08f1bba56eaaf8f46421566ad3f7061691b

Analysis

max time kernel
197s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 03:21

Target

75476fc17d13474b07bee8b665e0a08f1bba56eaaf8f46421566ad3f7061691b.dll
Size

243KB
MD5

2c4b8edf99a52bd5b00e39da365e4dc0
SHA1

a1b0ebd5f7ae7847b9d6d0427ad3a210f253e90d
SHA256

75476fc17d13474b07bee8b665e0a08f1bba56eaaf8f46421566ad3f7061691b
SHA512

8c1d1246531343747f7f3bd7e89a8a95ba28bf5d84f17d5f5d2da4e0a25c1b3164554dea403ef2326215ba5ab3d924bb64ca6ee673106d51f77a6594287e5f36
SSDEEP

6144:E92KH5dM89xwzLlJGTbft7sd7S84KdsOlwSo9n5tiiJUi:DaVxwnXIbft7sw8ddsOlJo9n5tJUi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
560	4292	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 4292	3456	rundll32.exe	83
PID 3456 wrote to memory of 4292	3456	rundll32.exe	83
PID 3456 wrote to memory of 4292	3456	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75476fc17d13474b07bee8b665e0a08f1bba56eaaf8f46421566ad3f7061691b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\75476fc17d13474b07bee8b665e0a08f1bba56eaaf8f46421566ad3f7061691b.dll,#1
  2⤵
  PID:4292
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 580
    3⤵
    - Program crash
    PID:560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4292 -ip 4292
1⤵
PID:3956