dcf1b2e6c8107aed058a8e7e3b874f16f84cf811bd6f5ee0dc8230943004190d

Analysis

max time kernel
140s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 14:21

Target

dcf1b2e6c8107aed058a8e7e3b874f16f84cf811bd6f5ee0dc8230943004190d.dll
Size

128KB
MD5

bd044ffe4c0545a78d1c469100099049
SHA1

f25847348d752f4e96f904e0264991625dd8f8ae
SHA256

dcf1b2e6c8107aed058a8e7e3b874f16f84cf811bd6f5ee0dc8230943004190d
SHA512

13465c4de25a811ec68b33faf164fac8af4a2865b27723a404a4e8801ce35d351951084eb774e169ad0b55f145965b496013ccffc8605e5c8539a99981da0cd9
SSDEEP

3072:hPP9JJGoDV7OcVrB9DsdTqs3OL5PFn0wcccccccc:FPlV7jB9DsdTX30PFn0wcccccccc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 3428	1432	rundll32.exe	84
PID 1432 wrote to memory of 3428	1432	rundll32.exe	84
PID 1432 wrote to memory of 3428	1432	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcf1b2e6c8107aed058a8e7e3b874f16f84cf811bd6f5ee0dc8230943004190d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcf1b2e6c8107aed058a8e7e3b874f16f84cf811bd6f5ee0dc8230943004190d.dll,#1
  2⤵
  PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3428 -ip 3428
1⤵
PID:4996