7d63d6474edcb58a7451ce6efb1e62442823734b86dbc30d9bf1944479fb5ae8

Analysis

max time kernel
91s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2023, 01:49

Target

f5831a53a97a98b64a1eb4a1c88b37c9bbf4503b1f15235379ec364dafb27f8f.dll
Size

930KB
MD5

dc792a6846ffd01d0be9887a49d2b612
SHA1

d956dff8e84b5a878f6624a077a1c0dcb9fdb24b
SHA256

f5831a53a97a98b64a1eb4a1c88b37c9bbf4503b1f15235379ec364dafb27f8f
SHA512

a6b9d38cbcfc532ee25a54104d249f8742c009fd780a032b8a2c2999fec0a1403a47eae9d1f6f5b451ac8ea5ddb4d1a3df54fa133457e430024dbee3ec9f6ade
SSDEEP

24576:UkgLxg2eMP8EN8Vo7zgDQ9uo4iZSBi/u3wXqx9jKVM5qx0YJ:x/jDQMo49wpq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3812	3248	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 3248	1656	rundll32.exe	80
PID 1656 wrote to memory of 3248	1656	rundll32.exe	80
PID 1656 wrote to memory of 3248	1656	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5831a53a97a98b64a1eb4a1c88b37c9bbf4503b1f15235379ec364dafb27f8f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5831a53a97a98b64a1eb4a1c88b37c9bbf4503b1f15235379ec364dafb27f8f.dll,#1
  2⤵
  PID:3248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 600
    3⤵
    - Program crash
    PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3248 -ip 3248
1⤵
PID:1616

memory/3248-133-0x0000000010000000-0x0000000010200000-memory.dmp

Filesize
2.0MB

Download