b17b663a28d069a9e63c0187ce1b82dc6009feccfb7e81a67f1d209a0037e308

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 19:20

Target

b17b663a28d069a9e63c0187ce1b82dc6009feccfb7e81a67f1d209a0037e308.dll
Size

308KB
MD5

c20a4a39f6646abeb35b24cd242682e4
SHA1

cd37e6764dbbb497a5a34f13c3a2daff374d29cf
SHA256

b17b663a28d069a9e63c0187ce1b82dc6009feccfb7e81a67f1d209a0037e308
SHA512

5ea698c41bc6e70b3a3af995386f97762bc407e4b9ce2f77b280165ef5e792edffbc17b99c91fb0f5c4c730d2ace595520e86da74ddd1a787b2fd29dbf4eaedd
SSDEEP

6144:iMKsckNucRodFG4LhlEsssP496u1fhNftxwyu3CmKP2aj1jTBJTAHe:nKgucRoe4tlN496AbwhCmKPpj1jTw+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3644	2232	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2232	2180	rundll32.exe	80
PID 2180 wrote to memory of 2232	2180	rundll32.exe	80
PID 2180 wrote to memory of 2232	2180	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b17b663a28d069a9e63c0187ce1b82dc6009feccfb7e81a67f1d209a0037e308.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b17b663a28d069a9e63c0187ce1b82dc6009feccfb7e81a67f1d209a0037e308.dll,#1
  2⤵
  PID:2232
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 600
    3⤵
    - Program crash
    PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2232 -ip 2232
1⤵
PID:4796