c0eb75467305072526a8402a6ca1a3e40ecaa3c3e6f8f868c4015ddf3419e954

Analysis

max time kernel
146s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 06:57

Target

c0eb75467305072526a8402a6ca1a3e40ecaa3c3e6f8f868c4015ddf3419e954.dll
Size

124KB
MD5

c13790f17175fb59f92464019fe095b1
SHA1

71201887b0b8a55b612ccab3bb306bd04356f5b7
SHA256

c0eb75467305072526a8402a6ca1a3e40ecaa3c3e6f8f868c4015ddf3419e954
SHA512

0a35b8aaa386f872a25886bcff936dfcb31cd02253db80bdfbff97f934afd7ed47c9b88ddb6ed0e46d5f40cf974d97ec303a7bb77525e3cf50d823e64d6a76a4
SSDEEP

3072:7EMg83K/D/No0e2TiEVP8ZfLrfKD7KMMiU1m9:ZgFDVhe2pVufLWD7KNP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3444	2416	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 2416	4432	rundll32.exe	82
PID 4432 wrote to memory of 2416	4432	rundll32.exe	82
PID 4432 wrote to memory of 2416	4432	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0eb75467305072526a8402a6ca1a3e40ecaa3c3e6f8f868c4015ddf3419e954.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0eb75467305072526a8402a6ca1a3e40ecaa3c3e6f8f868c4015ddf3419e954.dll,#1
  2⤵
  PID:2416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 596
    3⤵
    - Program crash
    PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2416 -ip 2416
1⤵
PID:4908