145c89ada80122c2d9ef4c54dfa5ba6ac6054525dd1123a29df7daf98035f53a

Analysis

max time kernel
75s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 05:58

Target

145c89ada80122c2d9ef4c54dfa5ba6ac6054525dd1123a29df7daf98035f53a.dll
Size

91KB
MD5

71a52a05b72afd31ebb8e2ae3ad0c560
SHA1

01d3e54e0fcea1e23c299dc2520089e0195093d5
SHA256

145c89ada80122c2d9ef4c54dfa5ba6ac6054525dd1123a29df7daf98035f53a
SHA512

b9ab75dda4584f01a90d036e3d4d058f65a4199a9db74436681086fee78f60090d751af408930ee84bc1395f795b8dbe02cf0b92d6d577317c8d7c2cd2b488e5
SSDEEP

1536:8THQpoCr4GTnagdolDkWALl49iXCsU6L2KE+Q2MBDHvSIkhwpbB:8THRRpmoDAkJ6L452MNv0ObB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4904	2868	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 2868	768	rundll32.exe	80
PID 768 wrote to memory of 2868	768	rundll32.exe	80
PID 768 wrote to memory of 2868	768	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\145c89ada80122c2d9ef4c54dfa5ba6ac6054525dd1123a29df7daf98035f53a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\145c89ada80122c2d9ef4c54dfa5ba6ac6054525dd1123a29df7daf98035f53a.dll,#1
  2⤵
  PID:2868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 572
    3⤵
    - Program crash
    PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2868 -ip 2868
1⤵
PID:4908