1eb450559fb1d8671437e52065d50f8799d5574855a98cd3c44fc230895fd8d0

Analysis

max time kernel
179s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 06:20

Target

1eb450559fb1d8671437e52065d50f8799d5574855a98cd3c44fc230895fd8d0.dll
Size

380KB
MD5

f89856289bc53a275fb4599c67cc37e0
SHA1

6e9a5320e3a5b6a302a566d061ccc19540f84662
SHA256

1eb450559fb1d8671437e52065d50f8799d5574855a98cd3c44fc230895fd8d0
SHA512

ec980e8719bf0f6a0fc02653920721eddac66b31b88e8ec6190faa4e2ecfa9c2b417cd0a14dc1d01a786942947485f33c68415b31591c5c556192b03aa03e125
SSDEEP

6144:qr0veBg51dehxM8s58mzZ3qYbnXt3v02Fp6qUNcixaujKndVwG0SYhi0:y0veB2w3hi8m166XB04gqUNZxaHdOR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4876	4264	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 4264	1412	rundll32.exe	83
PID 1412 wrote to memory of 4264	1412	rundll32.exe	83
PID 1412 wrote to memory of 4264	1412	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1eb450559fb1d8671437e52065d50f8799d5574855a98cd3c44fc230895fd8d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1eb450559fb1d8671437e52065d50f8799d5574855a98cd3c44fc230895fd8d0.dll,#1
  2⤵
  PID:4264
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 664
    3⤵
    - Program crash
    PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4264 -ip 4264
1⤵
PID:3188

memory/4264-133-0x0000000002480000-0x00000000024B4000-memory.dmp

Filesize
208KB

Download
memory/4264-134-0x00000000024C0000-0x000000000251F000-memory.dmp

Filesize
380KB

Download
memory/4264-138-0x0000000002480000-0x00000000024B4000-memory.dmp

Filesize
208KB

Download