1d18c87cdc79ab31f7213ebbe9366fbc94a8d2632fda53531680b1b9eccd109d

Analysis

max time kernel
89s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20220718-en
resource tags

arch:x64arch:x86image:win10v2004-20220718-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2022 03:20

Target

13f8d4f3097e98c843e9a594b7a9c128.dll
Size

5.0MB
MD5

13f8d4f3097e98c843e9a594b7a9c128
SHA1

a808002fdd82d43a7c828ba501880a13e739c512
SHA256

1d18c87cdc79ab31f7213ebbe9366fbc94a8d2632fda53531680b1b9eccd109d
SHA512

782362654e5239fbfd927c415831049024839480e9e2a1f22e589d60a7b686a19be81e1875a6538d6d22886c53752db8abd13c549a09a3b7728eb8ade76eba6d

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

mssecsvc.exe

pid process

1252 mssecsvc.exe
Drops file in Windows directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\WINDOWS\mssecsvc.exe rundll32.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2656 1252 WerFault.exe mssecsvc.exe

pid	process
1252	mssecsvc.exe

description	ioc	process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe

pid	pid_target	process	target process
2656	1252	WerFault.exe	mssecsvc.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 672 wrote to memory of 904	672	rundll32.exe	rundll32.exe
PID 672 wrote to memory of 904	672	rundll32.exe	rundll32.exe
PID 672 wrote to memory of 904	672	rundll32.exe	rundll32.exe
PID 904 wrote to memory of 1252	904	rundll32.exe	mssecsvc.exe
PID 904 wrote to memory of 1252	904	rundll32.exe	mssecsvc.exe
PID 904 wrote to memory of 1252	904	rundll32.exe	mssecsvc.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13f8d4f3097e98c843e9a594b7a9c128.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:672

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe
3⤵
- Executes dropped EXE
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 272
4⤵
- Program crash
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1252 -ip 1252
1⤵
PID:2528

C:\WINDOWS\mssecsvc.exe
Filesize
3.6MB

MD5
224bb7f0c81b91aea866d27586524bfb

SHA1
a2c3cd6ba0bb7ca69c7df4c43cc7d5d0ecca5273

SHA256
ead5d430902741b5d519e689bea4ed4f1660a441ef23a04440605fc68ca90a08

SHA512
d292d621ec30e1ddf72c2aaab2637f3a9a0ed5a611442c0407017d4944f0b4c404bc210d2d290fb8b71df8530f9e96771621636f38d8a0308f157713d3287ec4

Download Submit
C:\Windows\mssecsvc.exe
Filesize
3.6MB

MD5
224bb7f0c81b91aea866d27586524bfb

SHA1
a2c3cd6ba0bb7ca69c7df4c43cc7d5d0ecca5273

SHA256
ead5d430902741b5d519e689bea4ed4f1660a441ef23a04440605fc68ca90a08

SHA512
d292d621ec30e1ddf72c2aaab2637f3a9a0ed5a611442c0407017d4944f0b4c404bc210d2d290fb8b71df8530f9e96771621636f38d8a0308f157713d3287ec4

Download Submit
memory/904-130-0x0000000000000000-mapping.dmp

Download
memory/1252-131-0x0000000000000000-mapping.dmp

Download
memory/1252-134-0x0000000000400000-0x0000000000A70000-memory.dmp

Filesize
6.4MB

Download