ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371

Analysis

max time kernel
87s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2023 10:08

Target

ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371.dll
Size

4.0MB
MD5

f35e56145d1fae7380b41840e9da7a06
SHA1

a47056baee5ffab514e1e0bd9dac9dad7e52fa77
SHA256

ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371
SHA512

c8984e6aadd338c67d4323a15460ada8aa41be57007829cfd5269e43881a3a8412026ec84491512fb675954bd137a908188ddb0062a41f982017fed4466311e5
SSDEEP

98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIJ:fv1GGE5gyjovK65E8oqJ

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4372 2704 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4372	2704	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3888 wrote to memory of 2704	3888	rundll32.exe	rundll32.exe
PID 3888 wrote to memory of 2704	3888	rundll32.exe	rundll32.exe
PID 3888 wrote to memory of 2704	3888	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371.dll,#1
2⤵
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 688
3⤵
- Program crash
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2704 -ip 2704
1⤵
PID:2192