572cc54147d9a7959b56c72470e2d22f77e8a26c6394128c53628f85c2a057cc

Analysis

max time kernel
129s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 16:52

Target

572cc54147d9a7959b56c72470e2d22f77e8a26c6394128c53628f85c2a057cc.dll
Size

242KB
MD5

9a0fe1cb074a1c84a9582e20d5525b01
SHA1

3d8f43617aba65510bf85d8c8d226d6a744e2a34
SHA256

572cc54147d9a7959b56c72470e2d22f77e8a26c6394128c53628f85c2a057cc
SHA512

a22fdf17ae4e1e1781ae0ca7b455dc91045853729aa847a3230a22e594f3e335b6098dc12634159b1960b3487da13a437f4b605b748e0dd87875dad755caed97
SSDEEP

3072:1mkH4V2aLdAJJ5WcZW4TH25KXs8o66yWpQJU6fUzpqtcWGQT0Jkegj9UP541qIHN:Ykvae5Wck4CAal6U6MzJk7jb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4204	4540	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 4540	2216	rundll32.exe	82
PID 2216 wrote to memory of 4540	2216	rundll32.exe	82
PID 2216 wrote to memory of 4540	2216	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\572cc54147d9a7959b56c72470e2d22f77e8a26c6394128c53628f85c2a057cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\572cc54147d9a7959b56c72470e2d22f77e8a26c6394128c53628f85c2a057cc.dll,#1
  2⤵
  PID:4540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 640
    3⤵
    - Program crash
    PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4540 -ip 4540
1⤵
PID:4192