bc4672128bb8c52a0f1be1e6ffe79bae1a509c074cfddd807c4e91282ad55427

Analysis

max time kernel
187s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 14:16

Target

bc4672128bb8c52a0f1be1e6ffe79bae1a509c074cfddd807c4e91282ad55427.dll
Size

175KB
MD5

d19a24200439c628aa0541e3879eb68d
SHA1

25b6e0b5750a195612de5bbcfa38d7f84b0822e3
SHA256

bc4672128bb8c52a0f1be1e6ffe79bae1a509c074cfddd807c4e91282ad55427
SHA512

3f58434d4bf057e9bcc534b542f605c0dd85cde785da3d9f43af41869640198c2912df50ba284228a2c37c21fc5326d7525ba969f493794041b21ce1dcfc5deb
SSDEEP

3072:dnu4gFm2UALcpuaXAccnuulgQGdss+UoBI3d:du43A4oaQcHpOqoBI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4172	2252	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2252	1720	rundll32.exe	81
PID 1720 wrote to memory of 2252	1720	rundll32.exe	81
PID 1720 wrote to memory of 2252	1720	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc4672128bb8c52a0f1be1e6ffe79bae1a509c074cfddd807c4e91282ad55427.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc4672128bb8c52a0f1be1e6ffe79bae1a509c074cfddd807c4e91282ad55427.dll,#1
  2⤵
  PID:2252
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 580
    3⤵
    - Program crash
    PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2252 -ip 2252
1⤵
PID:4456