fde4f679eafcb7e91faf211a7bee9a1544416fcaa8266417b492a2f259dab850

Analysis

max time kernel
188s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 00:33

Target

fde4f679eafcb7e91faf211a7bee9a1544416fcaa8266417b492a2f259dab850.dll
Size

62KB
MD5

dd4c95cb85d8941c8c909d7ce2606b6d
SHA1

cd5c9b20000df1586f4c219eb9df01ba869e6d08
SHA256

fde4f679eafcb7e91faf211a7bee9a1544416fcaa8266417b492a2f259dab850
SHA512

f98deafcf4a82efe7da61c89e1934e4eaae44821f85e4d16517491546aa7aab4d60c17e08b5a1b2226fac36b8f6dfed5c1de4b17dd8524efe1b58c4cbcacbd89
SSDEEP

1536:g2NNyGkHjkDzELu7ilJ2TKnKuabMi1yEELjtTi:guAGWIz86iT2TNu8cEmtTi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4672	3436	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 3436	3648	rundll32.exe	81
PID 3648 wrote to memory of 3436	3648	rundll32.exe	81
PID 3648 wrote to memory of 3436	3648	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fde4f679eafcb7e91faf211a7bee9a1544416fcaa8266417b492a2f259dab850.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fde4f679eafcb7e91faf211a7bee9a1544416fcaa8266417b492a2f259dab850.dll,#1
  2⤵
  PID:3436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 544
    3⤵
    - Program crash
    PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3436 -ip 3436
1⤵
PID:2940

memory/3436-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download