63a778d4d00981e6f27fbb1fcd3f91e8a044edf02e8949978f1e5e57741734bd

Analysis

max time kernel
165s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 09:31

Target

63a778d4d00981e6f27fbb1fcd3f91e8a044edf02e8949978f1e5e57741734bd.dll
Size

16KB
MD5

f666940307111a61e721d8d576beb970
SHA1

2c1e71cbd76786e347779a35f1c393b740867fa0
SHA256

63a778d4d00981e6f27fbb1fcd3f91e8a044edf02e8949978f1e5e57741734bd
SHA512

dc89deffc18a3c597173d2c40597886ccde6fca7159b12f58eca5888b797d926a243200092f7fcafc54a6a7661d0af63db67e49c424e655de448533fd0780e0e
SSDEEP

192:WKLj69QGG41Ci7aVhU3fXGXFIiDZuCpcZWEa6Aap+uQvynhc7h6HulogKk07+v4h:0CG/x7aCX+NuCpcZva6zjQ4HuqS01h

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2460	5052	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 5052	2912	rundll32.exe	82
PID 2912 wrote to memory of 5052	2912	rundll32.exe	82
PID 2912 wrote to memory of 5052	2912	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63a778d4d00981e6f27fbb1fcd3f91e8a044edf02e8949978f1e5e57741734bd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63a778d4d00981e6f27fbb1fcd3f91e8a044edf02e8949978f1e5e57741734bd.dll,#1
  2⤵
  PID:5052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 568
    3⤵
    - Program crash
    PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5052 -ip 5052
1⤵
PID:1320