14645740d38403ce2e8bda4b0732d9af3e92c84589f890c85993fcc3f387810d

Analysis

max time kernel
146s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 08:34

Target

14645740d38403ce2e8bda4b0732d9af3e92c84589f890c85993fcc3f387810d.dll
Size

48KB
MD5

4d0bf375edd9bb29609699979d624850
SHA1

8c728906aa4328a09990933eeab25e449838951a
SHA256

14645740d38403ce2e8bda4b0732d9af3e92c84589f890c85993fcc3f387810d
SHA512

4d54662b511d2c0380fd2882ac7ca5ca209ef1072e47df37a7ee16e1b4ed341b4c6ed429a79b9cb6bbdb3db7d2df296ab5040c36034cb2f3286fd83a6d64fd5b
SSDEEP

768:ex9z+wHwvfJNC3/fYa2CC5NvX0IVQg0mAg8Abyl9k2wghC7imnVY27uIcLflXwsx:K9i5NKfDo5VQoANAeF5M7im97cXwe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1180	4272	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 4272	872	rundll32.exe	83
PID 872 wrote to memory of 4272	872	rundll32.exe	83
PID 872 wrote to memory of 4272	872	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14645740d38403ce2e8bda4b0732d9af3e92c84589f890c85993fcc3f387810d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14645740d38403ce2e8bda4b0732d9af3e92c84589f890c85993fcc3f387810d.dll,#1
  2⤵
  PID:4272
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 608
    3⤵
    - Program crash
    PID:1180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4272 -ip 4272
1⤵
PID:1548

memory/4272-133-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download