a4952a62db6fe078e1030b31bbe526b78558d0305fcbd17f811a32041108edce

Analysis

max time kernel
63s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2023, 05:31

Target

a4952a62db6fe078e1030b31bbe526b78558d0305fcbd17f811a32041108edce.dll
Size

4.0MB
MD5

13af845e9bd17bc684f0ba1ead2c9129
SHA1

75c2157fb14af7d0008e7f40d9ee55e160f5659a
SHA256

a4952a62db6fe078e1030b31bbe526b78558d0305fcbd17f811a32041108edce
SHA512

4c05ca8552c89cc2afb317b0956057d51e3906ca43b3f4707e0cbcc7001409304a6ecbadf087d866826a3cb9f46981fd8084cd4604bdca2dbabf3d0c3c752baa
SSDEEP

98304:dFgNfLKHcpGsCh+vyU/PukYqBFpO9zaCP5hqzzP8ky+f9DuLGzc:opLDM9RUYqBfO9nP5GIky+f9qLT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
860	5076	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 5076	2088	rundll32.exe	79
PID 2088 wrote to memory of 5076	2088	rundll32.exe	79
PID 2088 wrote to memory of 5076	2088	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4952a62db6fe078e1030b31bbe526b78558d0305fcbd17f811a32041108edce.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4952a62db6fe078e1030b31bbe526b78558d0305fcbd17f811a32041108edce.dll,#1
  2⤵
  PID:5076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 628
    3⤵
    - Program crash
    PID:860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5076 -ip 5076
1⤵
PID:1984

memory/5076-133-0x0000000074730000-0x0000000074EE7000-memory.dmp

Filesize
7.7MB

Download