c1cd15e0d9de56835c2401d0c4fca0a504685343ff3e46f5775b68a85f3a82c0

Analysis

max time kernel
156s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 20:00

Target

c1cd15e0d9de56835c2401d0c4fca0a504685343ff3e46f5775b68a85f3a82c0.dll
Size

96KB
MD5

6fb81978466820014256b56d0a23a75d
SHA1

d573463b1995e519a1f7df8cc2df2dfba8e3419c
SHA256

c1cd15e0d9de56835c2401d0c4fca0a504685343ff3e46f5775b68a85f3a82c0
SHA512

8096f9f9d50717ca0cb2e47168242a2f7c7a0b24b5a7465134b6a593dbb15d059a3beb56344c6d5b0b8e3e4080b2c7250e26176625d94562d92e1399ddd74577
SSDEEP

1536:T/On6pVOROLg7E6tmA29dGtDtoeaF81BeKW25Kx7nyv2Ah9UI3REvR9jk:rAYV9L9wKUBqeaF81ZWEyTyxd3Kp9jk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4812	4868	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 4868	4928	rundll32.exe	80
PID 4928 wrote to memory of 4868	4928	rundll32.exe	80
PID 4928 wrote to memory of 4868	4928	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1cd15e0d9de56835c2401d0c4fca0a504685343ff3e46f5775b68a85f3a82c0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1cd15e0d9de56835c2401d0c4fca0a504685343ff3e46f5775b68a85f3a82c0.dll,#1
  2⤵
  PID:4868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 580
    3⤵
    - Program crash
    PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4868 -ip 4868
1⤵
PID:4916

memory/4868-133-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/4868-134-0x0000000002E70000-0x0000000002F89000-memory.dmp

Filesize
1.1MB

Download