7b93c6873dcb94f1fabe1cf8ea24b67c500d2d37a3809bde5480f2bbf55b54e7

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 13:25

Target

7b93c6873dcb94f1fabe1cf8ea24b67c500d2d37a3809bde5480f2bbf55b54e7.dll
Size

356KB
MD5

04b17c3c8f216b67e38d1c0ff43f7640
SHA1

92ffd459864a6304cb15447351995f90574726bc
SHA256

7b93c6873dcb94f1fabe1cf8ea24b67c500d2d37a3809bde5480f2bbf55b54e7
SHA512

cfc04fb40b314b83900ecf56dc8f930332d19782d7e8397857c41fe81eb2b0d7dc59b2b3f7572bf8c203ae960b8541e98fc8e92fc73c96e794d572609a3db6a9
SSDEEP

6144:XfIMG2F71Qf0eyArffK8rXyQTBJX33NF:XfIM403UfNrXyQTrXb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5028	3036	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 3036	3252	rundll32.exe	82
PID 3252 wrote to memory of 3036	3252	rundll32.exe	82
PID 3252 wrote to memory of 3036	3252	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b93c6873dcb94f1fabe1cf8ea24b67c500d2d37a3809bde5480f2bbf55b54e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b93c6873dcb94f1fabe1cf8ea24b67c500d2d37a3809bde5480f2bbf55b54e7.dll,#1
  2⤵
  PID:3036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 620
    3⤵
    - Program crash
    PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3036 -ip 3036
1⤵
PID:5104

memory/3036-132-0x0000000000000000-mapping.dmp

Download
memory/3036-133-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download