0044d0aaf66f8d9906c67f67299477cac6f1bce839ac13e1821d076f19386c9b

Analysis

max time kernel
61s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
16-02-2023 21:31

Target

test/e93e14b1a7419bdc3158b88c4a91363891c2419f3581ba7f888e22ad6725b5c7.dll
Size

434KB
MD5

45312e98b2626527c3aa4fb317a2cb64
SHA1

a244c27337189efde4e72ae7dd3ad6b0134a3fc3
SHA256

e93e14b1a7419bdc3158b88c4a91363891c2419f3581ba7f888e22ad6725b5c7
SHA512

4f898a7dbb1eca6cc994707e7171a6ebd9674526c8e6ab8282b288ee63176bb64581da74e4363054773edcdac83c922a72effc4b857fec919c4397b0881bd144
SSDEEP

12288:rJZ701RXT1BaB4Irm8VGf9hyI8K9HGgXA:VZ701RXT1wB4Irz0f9hNj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3104 536 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3104	536	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3624 wrote to memory of 536	3624	rundll32.exe	rundll32.exe
PID 3624 wrote to memory of 536	3624	rundll32.exe	rundll32.exe
PID 3624 wrote to memory of 536	3624	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\test\e93e14b1a7419bdc3158b88c4a91363891c2419f3581ba7f888e22ad6725b5c7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3624

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\test\e93e14b1a7419bdc3158b88c4a91363891c2419f3581ba7f888e22ad6725b5c7.dll,#1
2⤵
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 600
3⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 536 -ip 536
1⤵
PID:1684