2cf30cad9727afa44cbd147308832af11303f575bcd1f99f438d2c841dcb7cf4

Analysis

max time kernel
230s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 06:02

Target

2cf30cad9727afa44cbd147308832af11303f575bcd1f99f438d2c841dcb7cf4.dll
Size

272KB
MD5

d58d2a5999a7c61e1fd713cdd9040310
SHA1

fa06bd3278a77fa04128918f034325c6fc7418d7
SHA256

2cf30cad9727afa44cbd147308832af11303f575bcd1f99f438d2c841dcb7cf4
SHA512

241a5a8c921c9f027625698dc30560c34dc81860a0a9682d0f0264c388fed2fb0277c4993ac45f2166c1d8ae9f14fd6a80839e54ef7697003bdb3a96b8971214
SSDEEP

6144:ZUeP1++FXjFQw5ezTBlBAnbn7+TCNWP+0gC:PP1PXjFQFzT3vCNWP+0gC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4552	4260	WerFault.exe	81

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 4260	2160	rundll32.exe	81
PID 2160 wrote to memory of 4260	2160	rundll32.exe	81
PID 2160 wrote to memory of 4260	2160	rundll32.exe	81
PID 4260 wrote to memory of 4552	4260	rundll32.exe	84
PID 4260 wrote to memory of 4552	4260	rundll32.exe	84
PID 4260 wrote to memory of 4552	4260	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cf30cad9727afa44cbd147308832af11303f575bcd1f99f438d2c841dcb7cf4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cf30cad9727afa44cbd147308832af11303f575bcd1f99f438d2c841dcb7cf4.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 604
    3⤵
    - Program crash
    PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4260 -ip 4260
1⤵
PID:2136