ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1

Analysis

max time kernel
297s
max time network
443s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:46

Target

ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1.dll
Size

352KB
MD5

13218edf2f62787a2777b44096844c5b
SHA1

911a723e438e13eb82f487efd35ad5e3016da081
SHA256

ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1
SHA512

0ae5dab7e465668984c385b04c8266fd451fbb76e37c47752cb1dae86720a5ce6f2bb259d2946ecee604595c8600210d5a14f452d2ff7921a2710690857d7eae
SSDEEP

6144:5mA4uETOaBZLlHN3Xm0JkHXiPEamA4uETOaBZLlHN3Xm0JkHXiPEP:5F4kaBZNhXRuSPJF4kaBZNhXRuSPQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1700	3308	WerFault.exe	79

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 3308	4984	rundll32.exe	79
PID 4984 wrote to memory of 3308	4984	rundll32.exe	79
PID 4984 wrote to memory of 3308	4984	rundll32.exe	79
PID 3308 wrote to memory of 1700	3308	rundll32.exe	84
PID 3308 wrote to memory of 1700	3308	rundll32.exe	84
PID 3308 wrote to memory of 1700	3308	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3308
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 656
    3⤵
    - Program crash
    PID:1700