2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d

Analysis

max time kernel
117s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2023 20:32

Target

2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d.dll
Size

1.9MB
MD5

39081b4d48dbeb8edb010011d19b6459
SHA1

50d42366c737cf85b34c75e55164c5894d1daa75
SHA256

2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d
SHA512

2eb0d4bc40f74e4f15794d1a84374b2a825b48dfd303d464c512af4e5470bc02ced608163f56930a328d3ec1be78dbc2f88176a9011eccdc0a50f9579a6c823a
SSDEEP

49152:qQC2JlwU21A2UU3hSbFcJxigZb8OEibWdag2TH7DXjK1:XCOkbUUagxgdibsadH7Dzs

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1288 3364 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1288	3364	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1292 wrote to memory of 3364	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 3364	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 3364	1292	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1292

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d.dll,#1
2⤵
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 644
3⤵
- Program crash
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 3364 -ip 3364
1⤵
PID:3460

memory/3364-133-0x00000000746C0000-0x0000000074CE4000-memory.dmp

Filesize
6.1MB

Download
memory/3364-134-0x0000000002940000-0x000000000298B000-memory.dmp

Filesize
300KB

Download
memory/3364-136-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3364-135-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/3364-137-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/3364-138-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3364-139-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/3364-140-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/3364-141-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/3364-142-0x00000000030C0000-0x00000000030C2000-memory.dmp

Filesize
8KB

Download
memory/3364-143-0x0000000000F60000-0x0000000000F61000-memory.dmp

Filesize
4KB

Download
memory/3364-144-0x0000000002940000-0x000000000298B000-memory.dmp

Filesize
300KB

Download