be34f45b4625ba97803d28f8dbf95ea88f6642b174379d6e90d5c34b41473178

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
10-12-2022 13:07

Target

1620-98-0x0000000000260000-0x000000000028A000-memory.dll
Size

168KB
MD5

ec192e76a5c4b4b2c29016f3a8f27a43
SHA1

437a4d21226474ec9940939bec8b07e0e2124548
SHA256

be34f45b4625ba97803d28f8dbf95ea88f6642b174379d6e90d5c34b41473178
SHA512

88053a0c3924ca3bea1e69e47619051a16ac40f3303a64f8f97fad2cc7ff86ce3f013af7306da6d58f70631c0a3d8cd51a671eac3fc460a4b819ea2d5727d7b4
SSDEEP

3072:kgd08ZLF/Zew2xr73OUmAmJkG3NLTBft+JO/ya3cv:b5hn2xX3zDmJh3NLTBl+g/

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5036 2368 WerFault.exe rundll32.exe

pid	pid_target	process	target process
5036	2368	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3116 wrote to memory of 2368	3116	rundll32.exe	rundll32.exe
PID 3116 wrote to memory of 2368	3116	rundll32.exe	rundll32.exe
PID 3116 wrote to memory of 2368	3116	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1620-98-0x0000000000260000-0x000000000028A000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3116

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1620-98-0x0000000000260000-0x000000000028A000-memory.dll,#1
2⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 560
3⤵
- Program crash
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2368 -ip 2368
1⤵
PID:3940