93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1

Analysis

max time kernel
163s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 12:17

Target

93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1.dll
Size

99KB
MD5

505e9fab828bdae4af81b737aeca3d8b
SHA1

85ff979bc1dfa1b968a3326d5ba44e62eb2a4864
SHA256

93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1
SHA512

d16bfb667b6d695e61378f3fddf3f9fff999ce319d824107d9c9f4dc16914b188f625d410b430b52528dfacddd4d747ef7d5125e7de2291c3864d54bdafbc31c
SSDEEP

1536:ScWV/1KFfw7ZlhOnBtBnE1sLa6zl6MvXsZUbPzS3OU+R5Ndss1hVPI:XFo7ZlAHBn/bl6M/sZePer+bN+s1DPI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4820	1808	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1808	2228	rundll32.exe	78
PID 2228 wrote to memory of 1808	2228	rundll32.exe	78
PID 2228 wrote to memory of 1808	2228	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1.dll,#1
  2⤵
  PID:1808
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 544
    3⤵
    - Program crash
    PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1808 -ip 1808
1⤵
PID:4148