bd5b150097b2bc586df3a412942f3c7e8cf42d0043bd9940972a2f1e1e56cf6c

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2023 02:04

Target

bd5b150097b2bc586df3a412942f3c7e8cf42d0043bd9940972a2f1e1e56cf6c.dll
Size

5.0MB
MD5

26589b1baac90ac7eb9545a9edaa1eea
SHA1

f83abacdf3ba1a1fd317df8da9d56ee463558591
SHA256

bd5b150097b2bc586df3a412942f3c7e8cf42d0043bd9940972a2f1e1e56cf6c
SHA512

4390132e503307949f93b04713972cabfc84993474c52643987a4cde38d1be393bfaf4efaeca64cc29b3b5eef9c60906e6dd15ad50adb055cd41379aae1163e4
SSDEEP

98304:M5Bw2Bzx0k9/BZXxkIWPG1f5e7aU2Sz9NwrZBJj:ABl0sBZBkIvhe7aUnNc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1704	1396	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1396	1952	rundll32.exe	82
PID 1952 wrote to memory of 1396	1952	rundll32.exe	82
PID 1952 wrote to memory of 1396	1952	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd5b150097b2bc586df3a412942f3c7e8cf42d0043bd9940972a2f1e1e56cf6c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd5b150097b2bc586df3a412942f3c7e8cf42d0043bd9940972a2f1e1e56cf6c.dll,#1
  2⤵
  PID:1396
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 724
    3⤵
    - Program crash
    PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1396 -ip 1396
1⤵
PID:2612