d71fca4e45defab4f63516a1cac0d42ab73f988c3ad4a80509ca8d1372d39f0e

Analysis

max time kernel
90s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 04:01

Target

d71fca4e45defab4f63516a1cac0d42ab73f988c3ad4a80509ca8d1372d39f0e.dll
Size

368KB
MD5

09a825ffed35c210d17bb575deb965b0
SHA1

2ec5cc6cc0153ea45e474d20a1e7770cd25815c8
SHA256

d71fca4e45defab4f63516a1cac0d42ab73f988c3ad4a80509ca8d1372d39f0e
SHA512

5658e7caab070db9d1828b8cd2f402ffa4fd9365799b5779931d4d28e3a717f78cbd894492e41ecd5f3258077246d5af233775b3ddb0de57937ba839c0dae4a5
SSDEEP

6144:mt10NKnnSu/xs1822wSECNz/Ez2tQM/bWc1MfHdU6wQzWfu1pf3Q0BIJ0jm0pUI:mT0UV/n2/y/4wlbWcqfHdURAG+bZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4760	3548	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 3548	3044	rundll32.exe	80
PID 3044 wrote to memory of 3548	3044	rundll32.exe	80
PID 3044 wrote to memory of 3548	3044	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d71fca4e45defab4f63516a1cac0d42ab73f988c3ad4a80509ca8d1372d39f0e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d71fca4e45defab4f63516a1cac0d42ab73f988c3ad4a80509ca8d1372d39f0e.dll,#1
  2⤵
  PID:3548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 668
    3⤵
    - Program crash
    PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3548 -ip 3548
1⤵
PID:4768

memory/3548-133-0x00000000022A0000-0x00000000022FC000-memory.dmp

Filesize
368KB

Download
memory/3548-137-0x0000000002260000-0x0000000002293000-memory.dmp

Filesize
204KB

Download