de60de196e28edccb5e7eec672904540b07adebe6c79d618ab65dbb4d6ba0458

Analysis

max time kernel
74s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 18:09

Target

de60de196e28edccb5e7eec672904540b07adebe6c79d618ab65dbb4d6ba0458.dll
Size

177KB
MD5

cafca73d2c4647aea9fce721b89b6c90
SHA1

18f41809a741f3d41958f6af0031d31cf85e44b2
SHA256

de60de196e28edccb5e7eec672904540b07adebe6c79d618ab65dbb4d6ba0458
SHA512

fb63c4cc45f4094e6e8cd9a5c379ace092ffa9364b7fef0f9ea557c75df7e9e91f4f0d1a6a82b7b6c0a5689bb321ff9dafdb590858906da211d63b657435954b
SSDEEP

3072:4uhE6zRk+fal09DStvh4LwDJKATV+cM/cxqi/n5DPyQf7MXph+lcuf:4uhNnD44A+cS0q4JMXph+lz

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2332	4396	WerFault.exe	82
3032	4396	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 4396	400	rundll32.exe	82
PID 400 wrote to memory of 4396	400	rundll32.exe	82
PID 400 wrote to memory of 4396	400	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de60de196e28edccb5e7eec672904540b07adebe6c79d618ab65dbb4d6ba0458.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\de60de196e28edccb5e7eec672904540b07adebe6c79d618ab65dbb4d6ba0458.dll,#1
  2⤵
  PID:4396
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 560
    3⤵
    - Program crash
    PID:2332
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 804
    3⤵
    - Program crash
    PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4396 -ip 4396
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4396 -ip 4396
1⤵
PID:3132