f77eaf7513d509f9caa244d8016f010efa5a9513947e9a6dfedea6855ee93179

Analysis

max time kernel
383s
max time network
618s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
03-01-2023 17:19

Target

cl.dll
Size

60KB
MD5

3818348bf02665342f21837a7bbcfe7a
SHA1

7da458e626acf26b5228280c16910957c08a196b
SHA256

f77eaf7513d509f9caa244d8016f010efa5a9513947e9a6dfedea6855ee93179
SHA512

381c120181e95fa9446133152e164f11a67330f4665abf9924805866b8fdfde202311ee0ef00ae7508a967687272ac8ff382a57a0c9643dbde9ec2dbe83360ae
SSDEEP

768:hO4apg9TJD/UFPvh45g1WmxValWf5uJMj9TX8Vd76o1x6:hHT+4mjw4IdZx

Score

3^/10

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4736	60	WerFault.exe	65
4068	4264	WerFault.exe	73
5116	4996	WerFault.exe	75

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 4264	4140	cmd.exe	73
PID 4140 wrote to memory of 4264	4140	cmd.exe	73
PID 4140 wrote to memory of 4996	4140	cmd.exe	75
PID 4140 wrote to memory of 4996	4140	cmd.exe	75
PID 4140 wrote to memory of 4008	4140	cmd.exe	77
PID 4140 wrote to memory of 4008	4140	cmd.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cl.dll,#1
1⤵
PID:60
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 60 -s 220
  2⤵
  - Program crash
  PID:4736

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Windows\system32\regsvr32.exe
  regsvr32 cl.dll
  2⤵
  PID:4264
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 4264 -s 380
    3⤵
    - Program crash
    PID:4068
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s cl.dll
  2⤵
  PID:4996
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 4996 -s 380
    3⤵
    - Program crash
    PID:5116
- C:\Windows\system32\rundll32.exe
  rundll32 cl.dll
  2⤵
  PID:4008