12f1388ef9b404c6d0c03dd370fa745c837c458a15c263a2e2401b094f6f1164

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 14:56

Target

12f1388ef9b404c6d0c03dd370fa745c837c458a15c263a2e2401b094f6f1164.dll
Size

85KB
MD5

10263d67577ef4a58fe835366ebf03f2
SHA1

6869d228ca8a1e86e6e88f900f5f35436d995310
SHA256

12f1388ef9b404c6d0c03dd370fa745c837c458a15c263a2e2401b094f6f1164
SHA512

36ac7024e7cecd947838e40befc1a160bb0baa0016c9a45fc4708128b528a4c524074da34d4b8940921a2a4d9342af4632684db582bf4b588106b57345b92c37
SSDEEP

1536:TjJc9U789+MP2bijdoNlKGhjL5vBiYlviuG3slM/B5VpL2GzzT7pFGxIWoyPOATN:Tjj49VP2b5NrBL5vRla9kMJ5bKGzzJ4j

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4616	4092	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 4092	1644	rundll32.exe	14
PID 1644 wrote to memory of 4092	1644	rundll32.exe	14
PID 1644 wrote to memory of 4092	1644	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12f1388ef9b404c6d0c03dd370fa745c837c458a15c263a2e2401b094f6f1164.dll,#1
1⤵
PID:4092
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 596
  2⤵
  - Program crash
  PID:4616

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12f1388ef9b404c6d0c03dd370fa745c837c458a15c263a2e2401b094f6f1164.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4092 -ip 4092
1⤵
PID:4248

memory/4092-133-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download