e1cb51f47548b1ed6243984695a598363a35ad31df13ab1abdc59e10dbff8102

Analysis

max time kernel
245s
max time network
322s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 21:51

Target

e1cb51f47548b1ed6243984695a598363a35ad31df13ab1abdc59e10dbff8102.dll
Size

82KB
MD5

abfc3958c0884fad71fdfb1d16bf1375
SHA1

055f7904acefd071b35c9595118a3f846f93212b
SHA256

e1cb51f47548b1ed6243984695a598363a35ad31df13ab1abdc59e10dbff8102
SHA512

fb6ad95e972c0441e8cbb17d6db4545016d5642ca31a7290002e3b247565329c2296cd677ff567e08f44c05757140c5ef7c19e2d2e80d65f26a57f74a46cb5f9
SSDEEP

1536:qP5G3u5IDgYUIpL5QJ0zC7eZXsOJLXl1eOelRAXdwnrYIi5DzniGbM+:qPA+y0YU8QezXlFFXdUrLw/nzR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2560	2676	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 2676	4892	rundll32.exe	80
PID 4892 wrote to memory of 2676	4892	rundll32.exe	80
PID 4892 wrote to memory of 2676	4892	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1cb51f47548b1ed6243984695a598363a35ad31df13ab1abdc59e10dbff8102.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1cb51f47548b1ed6243984695a598363a35ad31df13ab1abdc59e10dbff8102.dll,#1
  2⤵
  PID:2676
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 608
    3⤵
    - Program crash
    PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2676 -ip 2676
1⤵
PID:1440

memory/2676-133-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download