2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f

Analysis

max time kernel
98s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 22:02

Target

2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f.dll
Size

4.1MB
MD5

b6c11e61d991c6c2763a5e231b91c359
SHA1

ed47178039a1326354ca9db5b809cafd2a1488a6
SHA256

2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f
SHA512

eeea6ee0c8ef774d964df09e30c1414a941797470f54ff3c5a1346c0d49421e179ff42417bae563a9af82943c6e3b534748cff4bd1162a07c94beb210e0fcac8
SSDEEP

98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrC:fv1GGE5gyjovK65E8oqe

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4140 2608 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4140	2608	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3136 wrote to memory of 2608	3136	rundll32.exe	rundll32.exe
PID 3136 wrote to memory of 2608	3136	rundll32.exe	rundll32.exe
PID 3136 wrote to memory of 2608	3136	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3136

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f.dll,#1
2⤵
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 688
3⤵
- Program crash
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2608 -ip 2608
1⤵
PID:1236