f7ac987882f0ad78abe92b52182fe7f4658d2b515faa7912b3183421b59e5980

Analysis

max time kernel
103s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2023 21:59

Target

f7ac987882f0ad78abe92b52182fe7f4658d2b515faa7912b3183421b59e5980.dll
Size

3.2MB
MD5

c2f6aa00ccab98cf1d624d7f4d64f9fc
SHA1

f9b7b0362df0eeaa088a00fdc7fc9d94ecb20a1e
SHA256

f7ac987882f0ad78abe92b52182fe7f4658d2b515faa7912b3183421b59e5980
SHA512

dd748004322408d47ba645c369604cdb1212418a80d336141a6f0581f2131a381d5df132bdd443785561b1c93abbad994ddec95579eb261df7b3743d3e126500
SSDEEP

98304:TZRrSbPkNXW2FEYJoH5aQ2RKludCIuTvtlByI:TLrSbMNmcEYJoZ9luaFlj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

840 2648 WerFault.exe rundll32.exe

pid	pid_target	process	target process
840	2648	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1440 wrote to memory of 2648	1440	rundll32.exe	rundll32.exe
PID 1440 wrote to memory of 2648	1440	rundll32.exe	rundll32.exe
PID 1440 wrote to memory of 2648	1440	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7ac987882f0ad78abe92b52182fe7f4658d2b515faa7912b3183421b59e5980.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1440

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7ac987882f0ad78abe92b52182fe7f4658d2b515faa7912b3183421b59e5980.dll,#1
2⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 640
3⤵
- Program crash
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2648 -ip 2648
1⤵
PID:5096

memory/2648-133-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download
memory/2648-134-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download
memory/2648-135-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download
memory/2648-136-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download
memory/2648-137-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download
memory/2648-138-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download
memory/2648-139-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download
memory/2648-140-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download
memory/2648-142-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download
memory/2648-148-0x00000000028B0000-0x000000000364F000-memory.dmp

Filesize
13.6MB

Download