4e1b6e46ad7a9c04aa3de07fc35350b6f8e7f44a87dc5e0b41833ecd60a95468

Analysis

max time kernel
151s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 04:35

Target

4e1b6e46ad7a9c04aa3de07fc35350b6f8e7f44a87dc5e0b41833ecd60a95468.dll
Size

52KB
MD5

8910d49eb72a15c172ea961d1d2439bc
SHA1

ce327937d2e45246ff45e52514e1d0e868ce6648
SHA256

4e1b6e46ad7a9c04aa3de07fc35350b6f8e7f44a87dc5e0b41833ecd60a95468
SHA512

d3b5eb7b431855083955f0e3beb2343ec87e3fe26b6e637c1088fef63aa2fd90537da9b20cf013cf37759d2ff08d25179943080e74f4115cbbde0394eba6af4a
SSDEEP

768:YyyRBLEJNj7Ddv0ZhXR/jAfddzwFPp6Wmuly24WIeXo9n:cR8f03R/jA7zgB6Wmlfio

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
444	4912	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 4912	456	rundll32.exe	83
PID 456 wrote to memory of 4912	456	rundll32.exe	83
PID 456 wrote to memory of 4912	456	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e1b6e46ad7a9c04aa3de07fc35350b6f8e7f44a87dc5e0b41833ecd60a95468.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e1b6e46ad7a9c04aa3de07fc35350b6f8e7f44a87dc5e0b41833ecd60a95468.dll,#1
  2⤵
  PID:4912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 572
    3⤵
    - Program crash
    PID:444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4912 -ip 4912
1⤵
PID:1936