70c678e1024797ba4a33338e5435e675de61bd54395b815b9f125406355d83b9

Analysis

max time kernel
135s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 01:09

Target

70c678e1024797ba4a33338e5435e675de61bd54395b815b9f125406355d83b9.dll
Size

253KB
MD5

7daacea52225827ac9e39d9dab97f5c2
SHA1

e89e23d0ffdc89c13e98cdb601dd161aac1d0857
SHA256

70c678e1024797ba4a33338e5435e675de61bd54395b815b9f125406355d83b9
SHA512

99e49cf38d3213aff7a2c30467e731982247afbd73c87a407c18cb5473782361e30446454d0ecf6551b882ebe06e9590b2421e7e1ad612e346c8f7cfd492fa86
SSDEEP

3072:d9i4tqEO3XM1C1xprhTw1f977thtjz5TWckFjGP1KXc2cHcUc3v:a93XM1C1xpre7vV5TWjXcrHM3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3176	400	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 400	3968	rundll32.exe	84
PID 3968 wrote to memory of 400	3968	rundll32.exe	84
PID 3968 wrote to memory of 400	3968	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\70c678e1024797ba4a33338e5435e675de61bd54395b815b9f125406355d83b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\70c678e1024797ba4a33338e5435e675de61bd54395b815b9f125406355d83b9.dll,#1
  2⤵
  PID:400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 660
    3⤵
    - Program crash
    PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 400 -ip 400
1⤵
PID:3896

memory/400-133-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/400-134-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download