a190e41402187ba49443a3b160eb0266e1500b7c7bf551c34f71e090eaff298e

Analysis

max time kernel
246s
max time network
283s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 20:01

Target

a190e41402187ba49443a3b160eb0266e1500b7c7bf551c34f71e090eaff298e.dll
Size

432KB
MD5

7935d993b741f199d3f3e7c0ec87f570
SHA1

9c29f78b8a621133547eb20fbc4fc43eba405c9f
SHA256

a190e41402187ba49443a3b160eb0266e1500b7c7bf551c34f71e090eaff298e
SHA512

165e282f2ff35014048243b8c0ecd306022e0f0430b9fdd9055295d24921a1db720c543cbb66ba92016c2e27fe6800bff8d01768bb4881d5802a3bea82e4e077
SSDEEP

6144:BFG2MBlP4Na/plKQSrQduDTyZhy684NAvuw+HoK3xbokwrqGzUEaiucap4nrrcMa:rUTPfHxduDDv4mT83wxHadPpF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
428	4100	WerFault.exe	79

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 4100	2264	rundll32.exe	79
PID 2264 wrote to memory of 4100	2264	rundll32.exe	79
PID 2264 wrote to memory of 4100	2264	rundll32.exe	79
PID 4100 wrote to memory of 428	4100	rundll32.exe	82
PID 4100 wrote to memory of 428	4100	rundll32.exe	82
PID 4100 wrote to memory of 428	4100	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a190e41402187ba49443a3b160eb0266e1500b7c7bf551c34f71e090eaff298e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a190e41402187ba49443a3b160eb0266e1500b7c7bf551c34f71e090eaff298e.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4100
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 664
    3⤵
    - Program crash
    PID:428

memory/4100-133-0x0000000001000000-0x000000000106C000-memory.dmp

Filesize
432KB

Download
memory/4100-137-0x0000000000FC0000-0x0000000000FF7000-memory.dmp

Filesize
220KB

Download