75faf28ef434adb1edbee301342bd145e3e6b3af60f02e6fbab800d10e373341

Analysis

max time kernel
135s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2023, 19:08

Target

75faf28ef434adb1edbee301342bd145e3e6b3af60f02e6fbab800d10e373341.dll
Size

317KB
MD5

5931d9aba82d852d1127764e0e15886d
SHA1

e48eb1d776e54183aec991f2751600f4e38ce469
SHA256

75faf28ef434adb1edbee301342bd145e3e6b3af60f02e6fbab800d10e373341
SHA512

1533630c214193568c334b1f7d70658335bf683d2586845eee17a261c153c7d86acfe8811cc167a88f1b2d962e2aae27588ab63e296e1a552f218417a25e3900
SSDEEP

6144:IynKe1U6ybW6cShRZuWYteU/0luNwOGJptI+hLb4LGSKoJ/5JvV:ICjOi6DuRltOEGLELGSXzB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2588	2788	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2788	1344	rundll32.exe	82
PID 1344 wrote to memory of 2788	1344	rundll32.exe	82
PID 1344 wrote to memory of 2788	1344	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75faf28ef434adb1edbee301342bd145e3e6b3af60f02e6fbab800d10e373341.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\75faf28ef434adb1edbee301342bd145e3e6b3af60f02e6fbab800d10e373341.dll,#1
  2⤵
  PID:2788
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 596
    3⤵
    - Program crash
    PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2788 -ip 2788
1⤵
PID:4808