ccf4098301f5426c38e4f6428e8ed3b776ee085a0f78ebe7b4e158a519090105

Analysis

max time kernel
198s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 05:35

Target

ccf4098301f5426c38e4f6428e8ed3b776ee085a0f78ebe7b4e158a519090105.dll
Size

76KB
MD5

720f4b2ef1aff0889c750498a193cdcd
SHA1

4223fd3ce0a179af85a5e21cd9d28c14286a6e78
SHA256

ccf4098301f5426c38e4f6428e8ed3b776ee085a0f78ebe7b4e158a519090105
SHA512

7719bfd3e00010f9b0aeba5166d324332b58b57318b74806aca98e12c993122d1629696787a841ac7926f9a3a7322e78e6311db850535e4cf52828ea22b1e266
SSDEEP

1536:kEDuOu9FnH+DQQmm98F6M8/QC+s5IOeHnToIf1OxczY68bOD6:k+QeDPL/Q7sTeHTBfEuzY68bOD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3884	4524	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 4524	1072	rundll32.exe	80
PID 1072 wrote to memory of 4524	1072	rundll32.exe	80
PID 1072 wrote to memory of 4524	1072	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccf4098301f5426c38e4f6428e8ed3b776ee085a0f78ebe7b4e158a519090105.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccf4098301f5426c38e4f6428e8ed3b776ee085a0f78ebe7b4e158a519090105.dll,#1
  2⤵
  PID:4524
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 688
    3⤵
    - Program crash
    PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4524 -ip 4524
1⤵
PID:4512