d244a80741f1125ba4619ad312ea3f5458ad8728f9fcc70b148f3478cd546c85

Analysis

max time kernel
62s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2023, 22:06

Target

d244a80741f1125ba4619ad312ea3f5458ad8728f9fcc70b148f3478cd546c85.dll
Size

4.0MB
MD5

47cd0417e8efb840d80debcf0c7da9f1
SHA1

859b40412abcadc61702bdb0417b54117128718d
SHA256

d244a80741f1125ba4619ad312ea3f5458ad8728f9fcc70b148f3478cd546c85
SHA512

f69371ea6b08c70e2115e64a7401d046f9fad5d28695a789153be3b8bc5484e4fac8224476682591a352f40e7e883b34c4d265b2d2587d6892f45e3890ca2968
SSDEEP

98304:dFgNfLKHcpGsCh+vyU/PukYqBFpO9zaCP5hqzzP8ky+f9DuLGzn:opLDM9RUYqBfO9nP5GIky+f9qL0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3108	4356	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 4356	4672	rundll32.exe	83
PID 4672 wrote to memory of 4356	4672	rundll32.exe	83
PID 4672 wrote to memory of 4356	4672	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d244a80741f1125ba4619ad312ea3f5458ad8728f9fcc70b148f3478cd546c85.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d244a80741f1125ba4619ad312ea3f5458ad8728f9fcc70b148f3478cd546c85.dll,#1
  2⤵
  PID:4356
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 628
    3⤵
    - Program crash
    PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4356 -ip 4356
1⤵
PID:1912

memory/4356-136-0x0000000074C50000-0x0000000075407000-memory.dmp

Filesize
7.7MB

Download