af4925c45b5cc21dda12d9cd9cd85b881c0116746c3fcf861be6280671234bce

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 19:28

Target

af4925c45b5cc21dda12d9cd9cd85b881c0116746c3fcf861be6280671234bce.dll
Size

446KB
MD5

962ce603f6c77f6b4be0533287ec8717
SHA1

ccd20a72288ade8a5c91cd94aafb46b52275a0a4
SHA256

af4925c45b5cc21dda12d9cd9cd85b881c0116746c3fcf861be6280671234bce
SHA512

603267f596e95a328cac749ae31d64e0ea747bd0f314ac50fee15db01d9867aafe35f2a1e600028609b405ebd99bbb2a7e52a16059ed74832d9e69e4d62aad46
SSDEEP

12288:w4BcGx6/txvFary/kLuJJzOVjB4ANDD+J7b:nHetxvFahLuPOFXliJ7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3672	2260	WerFault.exe	81

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2260	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2260	2500	rundll32.exe	81
PID 2500 wrote to memory of 2260	2500	rundll32.exe	81
PID 2500 wrote to memory of 2260	2500	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af4925c45b5cc21dda12d9cd9cd85b881c0116746c3fcf861be6280671234bce.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af4925c45b5cc21dda12d9cd9cd85b881c0116746c3fcf861be6280671234bce.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 596
    3⤵
    - Program crash
    PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2260 -ip 2260
1⤵
PID:2160