5adbf6936797ca175e9d6f413289011dcfeed509bf82b11e63326645f9688d12

Analysis

max time kernel
137s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2023, 21:34

Target

5adbf6936797ca175e9d6f413289011dcfeed509bf82b11e63326645f9688d12.dll
Size

2.1MB
MD5

fba2b15baf4a38a9a43e22c284b869df
SHA1

2c02b9bfc97e42003585ef6928df83c7997526e6
SHA256

5adbf6936797ca175e9d6f413289011dcfeed509bf82b11e63326645f9688d12
SHA512

527fd3301da4b9767a45871559499f3127f90fc3ec6c7bdd4c9a1c416ce403cd09d8821a58a04c92a35cde50f19eda45befbbb6bc1470d02a0b2a14eca9a368d
SSDEEP

49152:vcz84B8m/yJoQAXJmdmEfZOkNPSTqctjRTDpJMMx1qQ:k7qm/aMcjPSTqsL5xUQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3992	3116	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 3116	4752	rundll32.exe	83
PID 4752 wrote to memory of 3116	4752	rundll32.exe	83
PID 4752 wrote to memory of 3116	4752	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5adbf6936797ca175e9d6f413289011dcfeed509bf82b11e63326645f9688d12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5adbf6936797ca175e9d6f413289011dcfeed509bf82b11e63326645f9688d12.dll,#1
  2⤵
  PID:3116
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 560
    3⤵
    - Program crash
    PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3116 -ip 3116
1⤵
PID:4696