fadc55c44d59d25924d1d68c810ff63d0910308a8eca7e5cb58978d8778e80c5

Analysis

max time kernel
140s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 04:40

Target

fadc55c44d59d25924d1d68c810ff63d0910308a8eca7e5cb58978d8778e80c5.dll
Size

2.0MB
MD5

b6f0992934abeed43a9a2aae4b7cf85e
SHA1

e6f3378919bc311255ea0cb38e13764280b3b6d2
SHA256

fadc55c44d59d25924d1d68c810ff63d0910308a8eca7e5cb58978d8778e80c5
SHA512

4d303368716e59e7bde45f54795c078974d380e7aa9366e4b5a5409bb476e52b1826fb63c5d9fe5fd039cbe38929f281d2638ca287a2e10d20699582b3372f27
SSDEEP

49152:SpW2WCN9mIFOKjQ5TwRonUr1q7NWcPjHvhxbC5GMhE:SpW2WCDmIFOh5Twzq7NWsPh

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2212	4532	WerFault.exe	82
2984	4532	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 4532	1388	rundll32.exe	82
PID 1388 wrote to memory of 4532	1388	rundll32.exe	82
PID 1388 wrote to memory of 4532	1388	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fadc55c44d59d25924d1d68c810ff63d0910308a8eca7e5cb58978d8778e80c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fadc55c44d59d25924d1d68c810ff63d0910308a8eca7e5cb58978d8778e80c5.dll,#1
  2⤵
  PID:4532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 620
    3⤵
    - Program crash
    PID:2212
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 836
    3⤵
    - Program crash
    PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4532 -ip 4532
1⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4532 -ip 4532
1⤵
PID:2384