63af03db9a1fc611b51a67a23a838833c2ade8dbb70f3f2974578c4e6bf061da

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/02/2023, 18:07

Target

63af03db9a1fc611b51a67a23a838833c2ade8dbb70f3f2974578c4e6bf061da.dll
Size

498KB
MD5

30b90437e5535b1e3eeffa3ddcd0ae0c
SHA1

e7b1275259ffcf15e4e1f22851364dea7cca7e2f
SHA256

63af03db9a1fc611b51a67a23a838833c2ade8dbb70f3f2974578c4e6bf061da
SHA512

3acef3a55bbabd090974f27036d8d9242d6a8e68454d4eb4d41225913384c4cbd662b80405346053a2dad99181b2122b5edb69b304e8d73be9cd1c5238b64474
SSDEEP

6144:2Qd+kkro4m9EJhnSRMWVFw/F/mdGpn9z0nZZAO5LNfX2y2kFP9z3ZMJxydRZZAOX:Hso4/62gFyFCKl0ZZbpaS1gxQZbp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4316	5068	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 5068	4032	rundll32.exe	82
PID 4032 wrote to memory of 5068	4032	rundll32.exe	82
PID 4032 wrote to memory of 5068	4032	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63af03db9a1fc611b51a67a23a838833c2ade8dbb70f3f2974578c4e6bf061da.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63af03db9a1fc611b51a67a23a838833c2ade8dbb70f3f2974578c4e6bf061da.dll,#1
  2⤵
  PID:5068
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 588
    3⤵
    - Program crash
    PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5068 -ip 5068
1⤵
PID:5040