fcbe43847b1351eb127f2ce5ab68ffd05779d5cfba01e5ee26f1fdfb18cb6eb3

Analysis

max time kernel
277s
max time network
398s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:50

Target

fcbe43847b1351eb127f2ce5ab68ffd05779d5cfba01e5ee26f1fdfb18cb6eb3.dll
Size

59KB
MD5

30c08a3992caea4610fd4b9007a038b6
SHA1

69bbff6e0ed48fb644a33d753c0a148b753aa931
SHA256

fcbe43847b1351eb127f2ce5ab68ffd05779d5cfba01e5ee26f1fdfb18cb6eb3
SHA512

1a97a462d030f5e908cbefd2c97c478b436a73a7b215f4f110665b7471394cbf0fab57bbcd9290b338a89e661db176e12bf12063e5c11ae6131cd0edf3637af9
SSDEEP

768:q/1yqHK9NtWasRj4vhpJirCTbVInddGxfQ+TMJ4RNB1krwrmMePcNuEj:kNHKz7s+vvJi+InqmCMJ433AcNu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3124	4712	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 4712	3524	rundll32.exe	80
PID 3524 wrote to memory of 4712	3524	rundll32.exe	80
PID 3524 wrote to memory of 4712	3524	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcbe43847b1351eb127f2ce5ab68ffd05779d5cfba01e5ee26f1fdfb18cb6eb3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcbe43847b1351eb127f2ce5ab68ffd05779d5cfba01e5ee26f1fdfb18cb6eb3.dll,#1
  2⤵
  PID:4712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 544
    3⤵
    - Program crash
    PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 4712 -ip 4712
1⤵
PID:2820

memory/4712-133-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download