32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9

Analysis

max time kernel
92s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 05:52

Target

32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9.dll
Size

102KB
MD5

b69835407a7062329cf2baa2026f5670
SHA1

869c4a8dcc378b44904404a95a0c839b4f042f70
SHA256

32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9
SHA512

cac16b450f60908346f60428fd90620ae1b6f78165853c1463b509b5c3b16c60da6d9df3a07a4b9266ad28a44bad21c50d90b2a56f57ef2ce6342439075b0fd6
SSDEEP

48:hx60j205VRgSF5aXqaukgk/png7fFJjMmbu:7201gwpkyPg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3744	4932	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 4932	3160	rundll32.exe	81
PID 3160 wrote to memory of 4932	3160	rundll32.exe	81
PID 3160 wrote to memory of 4932	3160	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9.dll,#1
  2⤵
  PID:4932
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 552
    3⤵
    - Program crash
    PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4932 -ip 4932
1⤵
PID:2076

memory/4932-133-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download