832fe110cda8811695f823e102ff7c7f0e4e0acde2746ca76d7ea30adc1fe735

Analysis

max time kernel
57s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:38

Target

832fe110cda8811695f823e102ff7c7f0e4e0acde2746ca76d7ea30adc1fe735.dll
Size

139KB
MD5

44239cb726d72696aedfd829e3f7e150
SHA1

bb441514a8cb445dc8b46a975c82b810dad6081a
SHA256

832fe110cda8811695f823e102ff7c7f0e4e0acde2746ca76d7ea30adc1fe735
SHA512

38d8ad0c277dedade9a7776dfc987d19767cda072b51558060a5451270434e729bde37ee45e3367abd38a8396a333f95f7e5d653bae1e266e724dec6fa7a6534
SSDEEP

3072:90wpqFegLt9a46GT40hAzJLD2ZWP/0MyFrcgZ:90RFegLtjMA2FD8WP/0lTZ

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1044	940	WerFault.exe	79
4840	940	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 940	868	rundll32.exe	79
PID 868 wrote to memory of 940	868	rundll32.exe	79
PID 868 wrote to memory of 940	868	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\832fe110cda8811695f823e102ff7c7f0e4e0acde2746ca76d7ea30adc1fe735.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\832fe110cda8811695f823e102ff7c7f0e4e0acde2746ca76d7ea30adc1fe735.dll,#1
  2⤵
  PID:940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 648
    3⤵
    - Program crash
    PID:1044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 720
    3⤵
    - Program crash
    PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 940 -ip 940
1⤵
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 940 -ip 940
1⤵
PID:5040