fbf7fa1f473c7226b614d0292f652fa66b74658de7c274ab1b710cb74fb1ea23

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 10:35

Target

fbf7fa1f473c7226b614d0292f652fa66b74658de7c274ab1b710cb74fb1ea23.dll
Size

56KB
MD5

9ed021152f0803ebd8fe8dca0f794c22
SHA1

09e801380dd46a08a59e512d85575d6a188673fa
SHA256

fbf7fa1f473c7226b614d0292f652fa66b74658de7c274ab1b710cb74fb1ea23
SHA512

2172552a2307d9008b49379c992ab6b5e07f4f4ffa766d2f6426ba13ed418a153f315257a596f16622b7c4ff5e11368b1dfb50d7232aaf73483e17d2b43821e2
SSDEEP

1536:2v5ZVuDGFZ/INv6Por6yC7Wx0a8MT+zU5odP5MNUkT:2v/VjYvQoWt7A0QTKCcP5cT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3380	2124	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 2124	1556	rundll32.exe	80
PID 1556 wrote to memory of 2124	1556	rundll32.exe	80
PID 1556 wrote to memory of 2124	1556	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbf7fa1f473c7226b614d0292f652fa66b74658de7c274ab1b710cb74fb1ea23.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbf7fa1f473c7226b614d0292f652fa66b74658de7c274ab1b710cb74fb1ea23.dll,#1
  2⤵
  PID:2124
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 544
    3⤵
    - Program crash
    PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2124 -ip 2124
1⤵
PID:3636