7b614c12c1dd6f9ca781d6cd5a2a2433c53e4856fa80f8779a9436bd054fa14c

Analysis

max time kernel
199s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 13:26

Target

7b614c12c1dd6f9ca781d6cd5a2a2433c53e4856fa80f8779a9436bd054fa14c.dll
Size

312KB
MD5

2af7ecf00a5d65c7ae43e249254bff00
SHA1

941311835db7e8f1c780880b99c7effcde0237c7
SHA256

7b614c12c1dd6f9ca781d6cd5a2a2433c53e4856fa80f8779a9436bd054fa14c
SHA512

10eb1bdd5305f6a7cb80075bd2f9583a828b8ae723179e03e3507fc7e9d6e8dad06dbf798ba65ee9162c19361cf751efb09b1a89b648354f33474a690c5448b5
SSDEEP

6144:fSRxgM35PPiVAuzf8H28+hI39leI2XepIoqKquH3InBJ/D:E3VPQf8H2bhsAmI3uH3Ab

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4212	3304	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 3304	4652	rundll32.exe	83
PID 4652 wrote to memory of 3304	4652	rundll32.exe	83
PID 4652 wrote to memory of 3304	4652	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b614c12c1dd6f9ca781d6cd5a2a2433c53e4856fa80f8779a9436bd054fa14c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b614c12c1dd6f9ca781d6cd5a2a2433c53e4856fa80f8779a9436bd054fa14c.dll,#1
  2⤵
  PID:3304
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 664
    3⤵
    - Program crash
    PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3304 -ip 3304
1⤵
PID:3312

memory/3304-133-0x00000000008D0000-0x0000000000907000-memory.dmp

Filesize
220KB

Download
memory/3304-134-0x0000000000910000-0x000000000095E000-memory.dmp

Filesize
312KB

Download
memory/3304-138-0x00000000008D0000-0x0000000000907000-memory.dmp

Filesize
220KB

Download