0022c6dcdc5dda82ca7f0f6bb2b372555ccbb638b34a92161b6e6e2fb1ef0d8b

Analysis

max time kernel
165s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 13:57

Target

0022c6dcdc5dda82ca7f0f6bb2b372555ccbb638b34a92161b6e6e2fb1ef0d8b.dll
Size

1.1MB
MD5

7c3aee74a85ce4f5927fdef8f97480b3
SHA1

7e6e1786635005cb9c812cefe558cee91ecc2f07
SHA256

0022c6dcdc5dda82ca7f0f6bb2b372555ccbb638b34a92161b6e6e2fb1ef0d8b
SHA512

c1bd8a159d1aff0f2cc7378eaad7c3c672bc0dbb887b300649ee0165d8ba6baef69fc8cca83cc8e50be8be5a32bd6ae38352745d64f1161f35029674bfe8af2a
SSDEEP

12288:fz4lZtHWY1nzV7YRqrv91TmnF3Z4mxxSiI/v5/s3vuLq3I9gKX:riL1zlYkj918QmXXI/v5avuLvSQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3396	1208	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 1208	876	rundll32.exe	79
PID 876 wrote to memory of 1208	876	rundll32.exe	79
PID 876 wrote to memory of 1208	876	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0022c6dcdc5dda82ca7f0f6bb2b372555ccbb638b34a92161b6e6e2fb1ef0d8b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0022c6dcdc5dda82ca7f0f6bb2b372555ccbb638b34a92161b6e6e2fb1ef0d8b.dll,#1
  2⤵
  PID:1208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 676
    3⤵
    - Program crash
    PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1208 -ip 1208
1⤵
PID:728

memory/1208-133-0x0000000010000000-0x0000000010138000-memory.dmp

Filesize
1.2MB

Download
memory/1208-134-0x00000000020A0000-0x00000000020F4000-memory.dmp

Filesize
336KB

Download
memory/1208-135-0x0000000010000000-0x0000000010138000-memory.dmp

Filesize
1.2MB

Download
memory/1208-136-0x00000000020A0000-0x00000000020F4000-memory.dmp

Filesize
336KB

Download