b06411946a53588d553358ad750c4c3403f6b11a6e3aeb4c282a0bf9a449f1b4

Analysis

max time kernel
122s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 04:09

Target

b06411946a53588d553358ad750c4c3403f6b11a6e3aeb4c282a0bf9a449f1b4.dll
Size

152KB
MD5

423b093a9818493292587274a69a3721
SHA1

322c2cb41a67fcf47bb5170cc4e4735c90fc6b0d
SHA256

b06411946a53588d553358ad750c4c3403f6b11a6e3aeb4c282a0bf9a449f1b4
SHA512

d07b094fd4e5da59a01c92b626fb3db0a4bca595eb8dc45cf376714564934783ed5d07c6b7acdd733c96e52f219ab5bc9f98d640057bc32cec7df84d16c3a69b
SSDEEP

3072:J7+5lAeiE1P6YTrPUXruuKrhGQyTTBftdPnuD2:J7mNbPUXrerxyTTBldPnuD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3692	2176	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 2176	996	rundll32.exe	81
PID 996 wrote to memory of 2176	996	rundll32.exe	81
PID 996 wrote to memory of 2176	996	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b06411946a53588d553358ad750c4c3403f6b11a6e3aeb4c282a0bf9a449f1b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b06411946a53588d553358ad750c4c3403f6b11a6e3aeb4c282a0bf9a449f1b4.dll,#1
  2⤵
  PID:2176
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 600
    3⤵
    - Program crash
    PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2176 -ip 2176
1⤵
PID:1532