d062ba358b9111903a0083670a78fa52cae6bf63b1c99fbdc87c1acf4a3b9eec

Analysis

max time kernel
143s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 04:23

Target

d062ba358b9111903a0083670a78fa52cae6bf63b1c99fbdc87c1acf4a3b9eec.dll
Size

161KB
MD5

e5fd7667c1d2ad4b1f8efb89cad24715
SHA1

a73b19249d8e9a4a3e8e5f7d7ec34fa8be6f9881
SHA256

d062ba358b9111903a0083670a78fa52cae6bf63b1c99fbdc87c1acf4a3b9eec
SHA512

717c1b88d0e74e2529d9d6083c17914112810f9cbfda13fb36290200f74e94466fc02f3eabdfcc25de8baef0ed09684c13853027a9260d9599d97731a2ac56c2
SSDEEP

3072:ZFvz4ZfF5fdsQOB2FcNt4wzotIWMnYMIrsPHtJd2JDPwQBkbGQ:Zm5fCnCgOaotIWMnYMIr8xSJBS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1240	3112	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 3112	1928	rundll32.exe	80
PID 1928 wrote to memory of 3112	1928	rundll32.exe	80
PID 1928 wrote to memory of 3112	1928	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d062ba358b9111903a0083670a78fa52cae6bf63b1c99fbdc87c1acf4a3b9eec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d062ba358b9111903a0083670a78fa52cae6bf63b1c99fbdc87c1acf4a3b9eec.dll,#1
  2⤵
  PID:3112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 592
    3⤵
    - Program crash
    PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3112 -ip 3112
1⤵
PID:2200