3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776

Analysis

max time kernel
91s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 19:39

Target

3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776.dll
Size

20KB
MD5

82611ffdfc86cf79e960721fc2751a33
SHA1

ec5769d34f3ed827e01ba5a646d9564a5035671e
SHA256

3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776
SHA512

4d951fabe822619f936132aa400a8d700e7898cb676c985154e7d49f26a2296e7beeceaa2516cf4911cf0b6bf8f41bb0e70a65dfa32ce68256e73065224cad21
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0XplcvCAu8UaWHuqaTlX0wG:zfYh2oCtpXPcvx2OqaewG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2384	4008	WerFault.exe	80

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4008	rundll32.exe
4008	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 4008	1232	rundll32.exe	80
PID 1232 wrote to memory of 4008	1232	rundll32.exe	80
PID 1232 wrote to memory of 4008	1232	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3341311e8a2205cd2c10927ae34de7ccef9b35c6e6de43fa304e35057930f776.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 624
    3⤵
    - Program crash
    PID:2384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4008 -ip 4008
1⤵
PID:1588