5cea1e8af6c2186067a84e91e6bed265fed0e3aa122b917a339af83adb551467

Analysis

max time kernel
124s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2023, 10:43

Target

5cea1e8af6c2186067a84e91e6bed265fed0e3aa122b917a339af83adb551467.dll
Size

56KB
MD5

6cf332d0e20a09d05f9da43cc53b5332
SHA1

a81d0a2bb62ad6d9f1f57f2d12b73cddbf1cc543
SHA256

5cea1e8af6c2186067a84e91e6bed265fed0e3aa122b917a339af83adb551467
SHA512

62b6af4e54002be4279ac67c9e7f73f97a4afc0f2413a59962266348e67cbc9b7087efea941de80456a7e70550ff880a84b6939c70c1e9424157f5de93b0ff1a
SSDEEP

768:k2L7RLPL9WyoDKknfLuE6q37nsVfNyxPWZFSH:bLPL7mKkRnLnsVfNhZAH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3680	1660	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1660	1736	rundll32.exe	84
PID 1736 wrote to memory of 1660	1736	rundll32.exe	84
PID 1736 wrote to memory of 1660	1736	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cea1e8af6c2186067a84e91e6bed265fed0e3aa122b917a339af83adb551467.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cea1e8af6c2186067a84e91e6bed265fed0e3aa122b917a339af83adb551467.dll,#1
  2⤵
  PID:1660
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 620
    3⤵
    - Program crash
    PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1660 -ip 1660
1⤵
PID:412