3e763cafddda12c91027547182ebccd68332f08e8964f1bc28f6dc409adede4f

Analysis

max time kernel
55s
max time network
74s
platform
windows10-1703_x64
resource
win10-20230621-ja
resource tags

arch:x64arch:x86image:win10-20230621-jalocale:ja-jpos:windows10-1703-x64systemwindows
submitted
27-06-2023 06:46

Target

bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99.dll
Size

5.5MB
MD5

3b4f6af5893f9aafb1f17c9dfb1e532b
SHA1

98174a940d2920768ebe21844bc3aa0c4917e6d3
SHA256

bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99
SHA512

38f17d96542af89f1058e87f55b875c1969c5c3580e739d9e32ec6d8b41d50d8f348f40778382db906f1164fc3062878d187df5623d5de08ecbb276aa0515672
SSDEEP

49152:Z/L42JErM38FaXp7F3TcT//lR8dnGaTz2aj/jVf:33RXjjcT//AGaTpf

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4336 3092 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4336	3092	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4408 wrote to memory of 3092	4408	rundll32.exe	rundll32.exe
PID 4408 wrote to memory of 3092	4408	rundll32.exe	rundll32.exe
PID 4408 wrote to memory of 3092	4408	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99.dll,#1
2⤵
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 616
3⤵
- Program crash
PID:4336