c0612a8174f6353c1fd973837bb841299986012e991bf8adb31224cf79930c05

Analysis

max time kernel
132s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2023 06:41

Target

c0612a8174f6353c1fd973837bb841299986012e991bf8adb31224cf79930c05.dll
Size

4.0MB
MD5

82bec915b69ed5a17e4eea4dd44ce496
SHA1

b08bc8f9a31467a6de844a16e09728543dcec093
SHA256

c0612a8174f6353c1fd973837bb841299986012e991bf8adb31224cf79930c05
SHA512

425659e9a9be69b263ab5ab7c2b2accb01bd3bc00e494640403281c26168d5f8c0d50e35956670185978222955ee332cb452fdcb6066a3e41ea08c328da0ea2a
SSDEEP

98304:dFgNfLKHcpGsCh+vyU/PukYqBFpO9zaCP5hqzzP8ky+f9DuLGz2:opLDM9RUYqBfO9nP5GIky+f9qLZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4284	4612	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 4612	432	rundll32.exe	82
PID 432 wrote to memory of 4612	432	rundll32.exe	82
PID 432 wrote to memory of 4612	432	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0612a8174f6353c1fd973837bb841299986012e991bf8adb31224cf79930c05.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0612a8174f6353c1fd973837bb841299986012e991bf8adb31224cf79930c05.dll,#1
  2⤵
  PID:4612
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 628
    3⤵
    - Program crash
    PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4612 -ip 4612
1⤵
PID:4524

memory/4612-133-0x0000000074740000-0x0000000074EF7000-memory.dmp

Filesize
7.7MB

Download