c04955cbbfe125dad7f6ed2f64e45048984be8dead8da3a14324d3e56af80564

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 05:55

Target

c04955cbbfe125dad7f6ed2f64e45048984be8dead8da3a14324d3e56af80564.dll
Size

80KB
MD5

b2e9eb1993c0f4aab886a3ad359c1cb9
SHA1

3f3d084c37eeda872223795b4dbc9ab0cc68232d
SHA256

c04955cbbfe125dad7f6ed2f64e45048984be8dead8da3a14324d3e56af80564
SHA512

722b02103b661712acd0a81ae5f9e363a19cf4e1de8fab40b115a4a6c2e731a759d6abc4cfa65a142da5fdc3f7cbe7ccf024137edc9a501c46e37e3be84e8fc6
SSDEEP

1536:fCZbzExj4y52j/k9wNYEGtyQFHoGSLdCBjTxrZnrYy:6Fi0K2JNXcyQFHWoBjTxrFrY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4392	1100	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 1100	5044	rundll32.exe	80
PID 5044 wrote to memory of 1100	5044	rundll32.exe	80
PID 5044 wrote to memory of 1100	5044	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c04955cbbfe125dad7f6ed2f64e45048984be8dead8da3a14324d3e56af80564.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c04955cbbfe125dad7f6ed2f64e45048984be8dead8da3a14324d3e56af80564.dll,#1
  2⤵
  PID:1100
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 544
    3⤵
    - Program crash
    PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1100 -ip 1100
1⤵
PID:1436