c6a34e511ed1c7bb2ecddfaaba00992d53006db3ed4b5ab3da61943b417227e8

Analysis

max time kernel
256s
max time network
309s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 13:05

Target

c6a34e511ed1c7bb2ecddfaaba00992d53006db3ed4b5ab3da61943b417227e8.dll
Size

63KB
MD5

011065d74db969042661caa6bd32dfeb
SHA1

54dd609c92019db916f8c2fbdf4531f2a588338a
SHA256

c6a34e511ed1c7bb2ecddfaaba00992d53006db3ed4b5ab3da61943b417227e8
SHA512

f207a736cd8954f138e77b91fd0fbd00556ff62efbec099472a93476716643750ca434ebb1531a207d01a126124eba9493fb8b631627507bf9b4a4e45e640665
SSDEEP

768:CF3f1rpqH7qaa+eblzhxxVu2rIWuBcD8ANv7Gax2Q7Q/b9PV0sbM:C9fZp1z+WDu2rCgVyU2QG0s

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4732	4604	WerFault.exe	82
4136	4604	WerFault.exe	82

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4604	rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 4604	2684	rundll32.exe	82
PID 2684 wrote to memory of 4604	2684	rundll32.exe	82
PID 2684 wrote to memory of 4604	2684	rundll32.exe	82
PID 4604 wrote to memory of 4732	4604	rundll32.exe	85
PID 4604 wrote to memory of 4732	4604	rundll32.exe	85
PID 4604 wrote to memory of 4732	4604	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6a34e511ed1c7bb2ecddfaaba00992d53006db3ed4b5ab3da61943b417227e8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6a34e511ed1c7bb2ecddfaaba00992d53006db3ed4b5ab3da61943b417227e8.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 860
    3⤵
    - Program crash
    PID:4732
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 860
    3⤵
    - Program crash
    PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4604 -ip 4604
1⤵
PID:4832