ffeea29ad8b6c4f3a429ddc7f3ccc4b6dd5c16c6704ab5fe8367e57f2fe15289

Analysis

max time kernel
90s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 06:48

Target

ffeea29ad8b6c4f3a429ddc7f3ccc4b6dd5c16c6704ab5fe8367e57f2fe15289.dll
Size

83KB
MD5

75f8c8f03bc688fa7082b99ecd77442d
SHA1

308c0f69d7a8249b255f926b06e86cab97f5d773
SHA256

ffeea29ad8b6c4f3a429ddc7f3ccc4b6dd5c16c6704ab5fe8367e57f2fe15289
SHA512

0f2aa5ed1f523af2a20ad0e177c9f4e0de31ff95c48b4cdd555a34ae0125b2dfd4bbdf058995642fd06636298aff7fbc07c75278ef18bb392e8db4827229c3e9
SSDEEP

1536:zx173m6H9sGsQeL67Fgra0T+UOeTRzG1TC3GXwvj1r4D9vssOYGjYjWpgbNmL0R7:V173dqcmP+beRzG1Trg5r4DzO5PKkUV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
800	1312	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 1312	1316	rundll32.exe	81
PID 1316 wrote to memory of 1312	1316	rundll32.exe	81
PID 1316 wrote to memory of 1312	1316	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffeea29ad8b6c4f3a429ddc7f3ccc4b6dd5c16c6704ab5fe8367e57f2fe15289.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffeea29ad8b6c4f3a429ddc7f3ccc4b6dd5c16c6704ab5fe8367e57f2fe15289.dll,#1
  2⤵
  PID:1312
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 580
    3⤵
    - Program crash
    PID:800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1312 -ip 1312
1⤵
PID:3120

memory/1312-133-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download