0629920a7f42b85a34beba2c3d1b21af0baaf36c70427e1e95d73387c51f3ebd

Analysis

max time kernel
161s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 16:02

Target

0629920a7f42b85a34beba2c3d1b21af0baaf36c70427e1e95d73387c51f3ebd.dll
Size

181KB
MD5

959e072eec7c8976d2b7d0a4053b0880
SHA1

1869a59c3cf1f85ec6b18b0200a56432d8eae274
SHA256

0629920a7f42b85a34beba2c3d1b21af0baaf36c70427e1e95d73387c51f3ebd
SHA512

b4d9272df4db2bd5ed6321ba8be544f8efc1c1247962edf742ca814e0582c0a36dc28b7e13fc7eadad26a2d2bc903a8c0bfe250e1b07e4ed519f4251e0c83a05
SSDEEP

3072:qNvkBk74+p+4tyVYG2e/PH0wKGAr53S2jbxWGqXS2jbxWGq:EvJ74H9SG2if0bGCSbGqXSbGq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4240	2100	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 2100	448	rundll32.exe	80
PID 448 wrote to memory of 2100	448	rundll32.exe	80
PID 448 wrote to memory of 2100	448	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0629920a7f42b85a34beba2c3d1b21af0baaf36c70427e1e95d73387c51f3ebd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0629920a7f42b85a34beba2c3d1b21af0baaf36c70427e1e95d73387c51f3ebd.dll,#1
  2⤵
  PID:2100
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 572
    3⤵
    - Program crash
    PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2100 -ip 2100
1⤵
PID:4392