6ad0b69633c8625a4ab97d95fade4336d63a56d8463c6bdb6003b27607816fc4

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 23:33

Target

6ad0b69633c8625a4ab97d95fade4336d63a56d8463c6bdb6003b27607816fc4.dll
Size

14KB
MD5

e2aa3751d4139a35ec1e3cf35904c710
SHA1

7676fc767e58b8319a028805c750ef4b7378ae38
SHA256

6ad0b69633c8625a4ab97d95fade4336d63a56d8463c6bdb6003b27607816fc4
SHA512

d1e9539ccb4ab9cc091b9100d66a6c428c11929718b02389f50872a587b5f48d95146b9d959a1a829404cce1b0327c584b83e46e51814869fd4587f669aac379
SSDEEP

384:7wAWtNpJwJ0/Ov2DMRWHGcAxar6+Y9PffPzM:767yVKqWHGPxFbPrM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4308	2956	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2956	2492	rundll32.exe	80
PID 2492 wrote to memory of 2956	2492	rundll32.exe	80
PID 2492 wrote to memory of 2956	2492	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ad0b69633c8625a4ab97d95fade4336d63a56d8463c6bdb6003b27607816fc4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ad0b69633c8625a4ab97d95fade4336d63a56d8463c6bdb6003b27607816fc4.dll,#1
  2⤵
  PID:2956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 640
    3⤵
    - Program crash
    PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2956 -ip 2956
1⤵
PID:3868

memory/2956-133-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download