af4726a313ad57e1641248bc097eb656d5a4de1446a6486bc15dd57f060b3efb

Analysis

max time kernel
184s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 15:19

Target

af4726a313ad57e1641248bc097eb656d5a4de1446a6486bc15dd57f060b3efb.dll
Size

164KB
MD5

9756ae74902e498f335e8b08b2552949
SHA1

1b58508d39e2cabaff830f605c5680fb1bd9537c
SHA256

af4726a313ad57e1641248bc097eb656d5a4de1446a6486bc15dd57f060b3efb
SHA512

1f479b41a5b2cbe2efd2db288e63889c1ef68a91c855cfe4ec3a23365615a641ce47e6f472320b19733549eed6643390e052e24728cb0e299d3f2012d14b21b1
SSDEEP

3072:chLXJpt4omqAWQbuOObdsmzF70YMo/GYsyT3FBA0iv8F3j9eHJgxWjI0:ch7Jr45qcORRp/GVc1OUF3j98cC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2160	1420	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 1420	1072	rundll32.exe	80
PID 1072 wrote to memory of 1420	1072	rundll32.exe	80
PID 1072 wrote to memory of 1420	1072	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af4726a313ad57e1641248bc097eb656d5a4de1446a6486bc15dd57f060b3efb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af4726a313ad57e1641248bc097eb656d5a4de1446a6486bc15dd57f060b3efb.dll,#1
  2⤵
  PID:1420
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 564
    3⤵
    - Program crash
    PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1420 -ip 1420
1⤵
PID:1284