483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6

Analysis

max time kernel
112s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/12/2022, 17:15

Target

483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6.dll
Size

16KB
MD5

cc31d6a6320080e60c9a902bacd33bfa
SHA1

52113f1382e90bc2a06f654c652116dd00e3002d
SHA256

483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6
SHA512

f61ca29a24e469618deb29edb4839bd3a27d145d06370084ee14e509c060384a69d06cf478edc98b7953657af4a1844f3ad0801f047b4955527ae46b1835222e
SSDEEP

24:e1GSgDSEhxCglIB6SXvVmMPhTjvhBrDsqZ:SgDLllVImghTNBsG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3204	4928	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 4928	4736	rundll32.exe	82
PID 4736 wrote to memory of 4928	4736	rundll32.exe	82
PID 4736 wrote to memory of 4928	4736	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\483abd85c8e5627082e956fc14d487fb2537287018d29a060985d457b1ec0ea6.dll,#1
  2⤵
  PID:4928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 600
    3⤵
    - Program crash
    PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4928 -ip 4928
1⤵
PID:4756