c4eb0861bb66096960c87a1d96e2c5b101c20ec0885c4c73fb4254ece439a363

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 18:05

Target

c4eb0861bb66096960c87a1d96e2c5b101c20ec0885c4c73fb4254ece439a363.dll
Size

419KB
MD5

1ccf48c1491bc514b3680b5988a473ba
SHA1

20459a15601453a287770cdd6ed5ac32f20dd833
SHA256

c4eb0861bb66096960c87a1d96e2c5b101c20ec0885c4c73fb4254ece439a363
SHA512

886178d0f8285ba22edce10563f9241427db868e1c59e41a81fc7367c3234f8f5116131e4348d2e8e439e50818f00ee478d001cf68fe878d5eaf3395d1f67058
SSDEEP

12288:wiDDkQgII4jdxEqpkPwa7fAaG3skqBIC1up:yQqQE0kPwa7o1YBICM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2248	4916	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 4916	1700	rundll32.exe	80
PID 1700 wrote to memory of 4916	1700	rundll32.exe	80
PID 1700 wrote to memory of 4916	1700	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4eb0861bb66096960c87a1d96e2c5b101c20ec0885c4c73fb4254ece439a363.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4eb0861bb66096960c87a1d96e2c5b101c20ec0885c4c73fb4254ece439a363.dll,#1
  2⤵
  PID:4916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 584
    3⤵
    - Program crash
    PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4916 -ip 4916
1⤵
PID:2100