c497d6289ce1cf8791f03c7b58f60190c330db7946f4adda5da4400bac3645cc

Analysis

max time kernel
189s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 15:34

Target

c497d6289ce1cf8791f03c7b58f60190c330db7946f4adda5da4400bac3645cc.dll
Size

483KB
MD5

c536c9657eda06dbc81f3aa06df641a6
SHA1

8689e2b9ca79ae01aee2f523b681e2944c472ce8
SHA256

c497d6289ce1cf8791f03c7b58f60190c330db7946f4adda5da4400bac3645cc
SHA512

ced00bbfd58546357d4b6982e60f8982b338f29947e02d7cb5a68181ff84f70920c8def73764698baa5175272edd80948be04a0e246cc99b1d4cd6c56f2334bd
SSDEEP

3072:G0z3ACMh57BIqaQFgQoNHJdkGdBLNl58fVLo63R8Dk/93Y5LHzSJvz5IINZ2If3Y:fMh5tDD4cG/GVPODuCzSYIbx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2484	948	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 948	4852	rundll32.exe	82
PID 4852 wrote to memory of 948	4852	rundll32.exe	82
PID 4852 wrote to memory of 948	4852	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c497d6289ce1cf8791f03c7b58f60190c330db7946f4adda5da4400bac3645cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c497d6289ce1cf8791f03c7b58f60190c330db7946f4adda5da4400bac3645cc.dll,#1
  2⤵
  PID:948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 592
    3⤵
    - Program crash
    PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 948 -ip 948
1⤵
PID:2208

memory/948-133-0x0000000000B60000-0x0000000000BED000-memory.dmp

Filesize
564KB

Download
memory/948-134-0x0000000000B60000-0x0000000000BED000-memory.dmp

Filesize
564KB

Download