aad0877bb508237f482df008f7ad869203302c3224d091ecf3927e02d3fc287b

Analysis

max time kernel
94s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 05:49

Target

aad0877bb508237f482df008f7ad869203302c3224d091ecf3927e02d3fc287b.dll
Size

371KB
MD5

5a5e2d1b8d87a5442f40723e2a092e70
SHA1

1654b70397c5d432626e007cbeb1eea3f36ab454
SHA256

aad0877bb508237f482df008f7ad869203302c3224d091ecf3927e02d3fc287b
SHA512

9d94e230c25c8cc0926ae6f3e11a39531c2148781b664a8bd5355e12751ce9848225af9565b6995244555cd1b24b998985faa315b8389d64631f7be1be86b48f
SSDEEP

6144:3atH3T9bZQQ8to99QxnQef9bFB6Igrcxkes8HAcCzXkQjVEtK8W0l:69b6Q8toelyIgQdAcCzPS889

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
336	4748	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 4748	4492	rundll32.exe	83
PID 4492 wrote to memory of 4748	4492	rundll32.exe	83
PID 4492 wrote to memory of 4748	4492	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aad0877bb508237f482df008f7ad869203302c3224d091ecf3927e02d3fc287b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aad0877bb508237f482df008f7ad869203302c3224d091ecf3927e02d3fc287b.dll,#1
  2⤵
  PID:4748
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 716
    3⤵
    - Program crash
    PID:336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4748 -ip 4748
1⤵
PID:4920

memory/4748-132-0x0000000000000000-mapping.dmp

Download
memory/4748-133-0x00000000009B0000-0x0000000000A12000-memory.dmp

Filesize
392KB

Download