3b26db7ce8d8e3168781895d9005f24b8f66c2f2ddaeeb5e5350cb960f639ed1

Analysis

max time kernel
165s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 00:09

Target

3b26db7ce8d8e3168781895d9005f24b8f66c2f2ddaeeb5e5350cb960f639ed1.dll
Size

86KB
MD5

369201ba0e66f4aff761c8412a6ca9b0
SHA1

2018a3b2cc084910cd8807571bcb72531c1a5155
SHA256

3b26db7ce8d8e3168781895d9005f24b8f66c2f2ddaeeb5e5350cb960f639ed1
SHA512

739786863ca69f5c2437bf084573aea7c0b8ba718046571f545baf8d9ae023ecf6b9b0ec40632982f8028995e5f561d7412565eae33a147889fcde8de3114f81
SSDEEP

1536:qNt6TsINjWifaWO2faATRgQ3w8Qq2VOL72SD3:zTNKifaWOoTR8jLOL7H

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
308	4912	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 4912	4932	rundll32.exe	82
PID 4932 wrote to memory of 4912	4932	rundll32.exe	82
PID 4932 wrote to memory of 4912	4932	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b26db7ce8d8e3168781895d9005f24b8f66c2f2ddaeeb5e5350cb960f639ed1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b26db7ce8d8e3168781895d9005f24b8f66c2f2ddaeeb5e5350cb960f639ed1.dll,#1
  2⤵
  PID:4912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 544
    3⤵
    - Program crash
    PID:308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 4912 -ip 4912
1⤵
PID:3920

memory/4912-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download