c5d1e7ebe2e97f6180f75461a197b099c56e2d930bac65004b6dcdd99c1563b3

Analysis

max time kernel
187s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 11:40

Target

c5d1e7ebe2e97f6180f75461a197b099c56e2d930bac65004b6dcdd99c1563b3.dll
Size

150KB
MD5

238421180df9c3e698eb6d8f507aee09
SHA1

3d979c1f8062628c2cb98be07f0277af210f14fa
SHA256

c5d1e7ebe2e97f6180f75461a197b099c56e2d930bac65004b6dcdd99c1563b3
SHA512

1801d0f1fab973475933cac0a9c3a67e3d1100fb0589b84d7477c15220201ffecc743449d9179c17fab1de14101f3039a0a33c5f55a11b3a868b7d8368e8fbcc
SSDEEP

3072:suhE6zRk0qUwoYMHHMB6Xb+mAJ57ijgZzJW2Xo:suhCBOHMB6XSR57ijgR

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1744	1660	WerFault.exe	83
1796	1660	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 1660	2736	rundll32.exe	83
PID 2736 wrote to memory of 1660	2736	rundll32.exe	83
PID 2736 wrote to memory of 1660	2736	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5d1e7ebe2e97f6180f75461a197b099c56e2d930bac65004b6dcdd99c1563b3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5d1e7ebe2e97f6180f75461a197b099c56e2d930bac65004b6dcdd99c1563b3.dll,#1
  2⤵
  PID:1660
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 544
    3⤵
    - Program crash
    PID:1744
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 776
    3⤵
    - Program crash
    PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1660 -ip 1660
1⤵
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1660 -ip 1660
1⤵
PID:440