586f88e52e7206483d507dbc26c3dc095c466fab60ad699b2ced25febe12e73e

Analysis

max time kernel
141s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/12/2022, 03:54

Target

586f88e52e7206483d507dbc26c3dc095c466fab60ad699b2ced25febe12e73e.dll
Size

464KB
MD5

ca680773958fadb164df0a6cd0b1d710
SHA1

7f6e74176363e8faa76c55f3740e7c9c931e99e7
SHA256

586f88e52e7206483d507dbc26c3dc095c466fab60ad699b2ced25febe12e73e
SHA512

c58ace2c092d2348b51c8135a03bad2163d14732733dbe1bcc6ef12d9ada14c61fa0486f7d23bf96a7db118ae1c3d6ffa778b3e07a5a6896b8734ad7a1e570d6
SSDEEP

3072:1g1oktsC1LOZMp91Y3XDuBdC33LB9X6eGilTp3M8JDe8N8Ujmk6g+mXDhBTZTMlU:eikVLOKH1YDccHLHX3fP6mnxckhXoX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4884	1260	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1260	1600	rundll32.exe	82
PID 1600 wrote to memory of 1260	1600	rundll32.exe	82
PID 1600 wrote to memory of 1260	1600	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\586f88e52e7206483d507dbc26c3dc095c466fab60ad699b2ced25febe12e73e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\586f88e52e7206483d507dbc26c3dc095c466fab60ad699b2ced25febe12e73e.dll,#1
  2⤵
  PID:1260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 584
    3⤵
    - Program crash
    PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1260 -ip 1260
1⤵
PID:4932

memory/1260-133-0x0000000075650000-0x00000000756C4000-memory.dmp

Filesize
464KB

Download
memory/1260-134-0x0000000075650000-0x00000000756C4000-memory.dmp

Filesize
464KB

Download