f58230e5c3f8bcb4b61f9d45937524d1e81fc9dcdf9da86a8277fc4d35b8b8af

Analysis

max time kernel
110s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 11:06

Target

f58230e5c3f8bcb4b61f9d45937524d1e81fc9dcdf9da86a8277fc4d35b8b8af.dll
Size

295KB
MD5

c2e21bd9ecbcebcf383c7bbf1894944e
SHA1

b457912c0512d1cd60dfb353f8732aa03d25b768
SHA256

f58230e5c3f8bcb4b61f9d45937524d1e81fc9dcdf9da86a8277fc4d35b8b8af
SHA512

33c45c931cfa4827e4aeb05e6565a6673238c14f7a12210c408d6fcfc80e25e31ef544df9c8174a4db147486686fecb2008106c67697186a0fc008be724aacf9
SSDEEP

6144:CVTk26543XYZTLOH6rV0SdNyTVu2nbGRhMoVMHwLGbA:KTkN4YZmHeVRGcQGcoVywLGbA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1864	1188	WerFault.exe	76

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 1188	4624	rundll32.exe	76
PID 4624 wrote to memory of 1188	4624	rundll32.exe	76
PID 4624 wrote to memory of 1188	4624	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58230e5c3f8bcb4b61f9d45937524d1e81fc9dcdf9da86a8277fc4d35b8b8af.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58230e5c3f8bcb4b61f9d45937524d1e81fc9dcdf9da86a8277fc4d35b8b8af.dll,#1
  2⤵
  PID:1188
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 580
    3⤵
    - Program crash
    PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1188 -ip 1188
1⤵
PID:2948

memory/1188-133-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download
memory/1188-134-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download