96db1734bcd828e14105c8b8f0443f72f799ccff1b3997bc3da848317d9d8b8c

Analysis

max time kernel
187s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 13:52

Target

96db1734bcd828e14105c8b8f0443f72f799ccff1b3997bc3da848317d9d8b8c.dll
Size

360KB
MD5

918f7a94fed3332ded2ca4beabb16d67
SHA1

5905623707103558cb14829a3890babdb37cec8e
SHA256

96db1734bcd828e14105c8b8f0443f72f799ccff1b3997bc3da848317d9d8b8c
SHA512

2beec28c36c2517c661133a9ac07bbf749ac4e2a5f1226f753c6608662c1093be6cfeaaf06b48058162396c9ccfb744239976be80262df1484f5f12b189a3782
SSDEEP

6144:oigEwzuBmYaCDYyQi7ieC+b1taRZLLsUacr7pZ2GWLfvqffxOHF:o/LzuBHakt7ielxtaEcr7/ezF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1260	4652	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 4652	4692	rundll32.exe	80
PID 4692 wrote to memory of 4652	4692	rundll32.exe	80
PID 4692 wrote to memory of 4652	4692	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\96db1734bcd828e14105c8b8f0443f72f799ccff1b3997bc3da848317d9d8b8c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\96db1734bcd828e14105c8b8f0443f72f799ccff1b3997bc3da848317d9d8b8c.dll,#1
  2⤵
  PID:4652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 600
    3⤵
    - Program crash
    PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4652 -ip 4652
1⤵
PID:4432

memory/4652-133-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download