c6cee9ad840b89e53e80beb51c2908a57a262848af87686984e52576ff0bba79

Analysis

max time kernel
91s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
15/02/2023, 08:16

Target

2194a8d31e97957c4e64124bf1b17a7aee5d6a0e1ebec6a459cf147679030deb.dll
Size

329KB
MD5

489b6baeec560207536f62e97dcff475
SHA1

7edaf08a9c45590ec22fa04af442895b102ed922
SHA256

2194a8d31e97957c4e64124bf1b17a7aee5d6a0e1ebec6a459cf147679030deb
SHA512

e7b7adbe4305692d2b9a465da512a1043cc33369298a4df4db257db3251aa3e2d72f63cd393f60d41e629c6908360a80fc9761a2d516fa49ff2c365f36399954
SSDEEP

6144:z8HwSJZ88IKeVSi5CHvJITRTcKY+UC6vmtmHkRCTZHmR/UYSbO28m2XQ9OW:z8HwSJG83i5CPqTCKY+cOB/UnbrwXQgW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3460	1528	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 1528	2392	rundll32.exe	81
PID 2392 wrote to memory of 1528	2392	rundll32.exe	81
PID 2392 wrote to memory of 1528	2392	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2194a8d31e97957c4e64124bf1b17a7aee5d6a0e1ebec6a459cf147679030deb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2194a8d31e97957c4e64124bf1b17a7aee5d6a0e1ebec6a459cf147679030deb.dll,#1
  2⤵
  PID:1528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 620
    3⤵
    - Program crash
    PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1528 -ip 1528
1⤵
PID:4608