ad10be30412492c52a743ab9a8a9a5f30782cb6a4821de167faf6a86787ae830

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 07:01

Target

ad10be30412492c52a743ab9a8a9a5f30782cb6a4821de167faf6a86787ae830.dll
Size

116KB
MD5

fd643a28ec3a2e81740337e9fb7d1712
SHA1

5a07b52176e3c8b8e8813dfb8de0bf1abb55fce0
SHA256

ad10be30412492c52a743ab9a8a9a5f30782cb6a4821de167faf6a86787ae830
SHA512

1e421a303d63deed560f7c1fcaa73be0798646f9d358d1e2820a367cadc09be75ed85bafa112661114d15c30fb1eee8418ac5099ea1091c5147ea06cff5fc4b4
SSDEEP

1536:QWbH0JmdjGYcQyJrhESFlCjlppTnOUfHr5BYqiMq2Ei8n9rQALZI3TL1e:5bUJm3cQYhDIlp4UfHkJ1VLZI331

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1500	576	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 576	3700	rundll32.exe	82
PID 3700 wrote to memory of 576	3700	rundll32.exe	82
PID 3700 wrote to memory of 576	3700	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad10be30412492c52a743ab9a8a9a5f30782cb6a4821de167faf6a86787ae830.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad10be30412492c52a743ab9a8a9a5f30782cb6a4821de167faf6a86787ae830.dll,#1
  2⤵
  PID:576
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 620
    3⤵
    - Program crash
    PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 576 -ip 576
1⤵
PID:4308