8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c

Analysis

Target

8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c.dll
Size

134KB
MD5

58b8d65e848176eb583a88e8d48f413e
SHA1

9ebb541dcb24d564448a6f5e00c613b73eba7148
SHA256

8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c
SHA512

8546e6333040f600051221657d5d345e2a203bda6284537c9d1130c301f0ec6289bda0c85b8bffa9941075eaca429dcef2f8b0811c751b5e7cc980b1b771d92f

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1624	1500	WerFault.exe	68

Suspicious behavior: EnumeratesProcesses 12 IoCs

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 1500	3588	rundll32.exe	68
PID 3588 wrote to memory of 1500	3588	rundll32.exe	68
PID 3588 wrote to memory of 1500	3588	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c.dll,#1
  2⤵
  PID:1500
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 636
    3⤵
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1624