584878845c85f25fcda24f5a37d7acf158364e03dd8069f5a4acc3fbee0c984a

Analysis

max time kernel
155s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 04:58

Target

584878845c85f25fcda24f5a37d7acf158364e03dd8069f5a4acc3fbee0c984a.dll
Size

204KB
MD5

44be29c975937e216f8617e42326cef7
SHA1

802c7fa548acc342c7bec2c867f6badfc4b83f22
SHA256

584878845c85f25fcda24f5a37d7acf158364e03dd8069f5a4acc3fbee0c984a
SHA512

fec41fdf4a9eecd913745b735a39665cd67c6e28eeb2d729f35255621683587a03b988b766184be08ed14a71a004a979b3cda817dbb86947c7a69a2c3aa13160
SSDEEP

6144:23gCo8+5r/P+SRHzUQeeaQeegQeesQee2tQeehQee9nFiEDR6iM+:23gCoJZLyoEDR6i

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2260	4880	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 4880	4632	rundll32.exe	78
PID 4632 wrote to memory of 4880	4632	rundll32.exe	78
PID 4632 wrote to memory of 4880	4632	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\584878845c85f25fcda24f5a37d7acf158364e03dd8069f5a4acc3fbee0c984a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\584878845c85f25fcda24f5a37d7acf158364e03dd8069f5a4acc3fbee0c984a.dll,#1
  2⤵
  PID:4880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 568
    3⤵
    - Program crash
    PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4880 -ip 4880
1⤵
PID:2556