8da27b78a216743274eb56d0f299491644fa6250a143858c35d1508a82466b76

Analysis

max time kernel
132s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 16:36

Target

8da27b78a216743274eb56d0f299491644fa6250a143858c35d1508a82466b76.dll
Size

50KB
MD5

a09407d882e86a36721a04b33700984e
SHA1

06c4ed55b04dcb2d05f9ee8efea960e81b08510c
SHA256

8da27b78a216743274eb56d0f299491644fa6250a143858c35d1508a82466b76
SHA512

8c7bab213742de13bf021cd1e0770a00482e2660613c736da2a841414757ebf0c64a9c00cfde6261d4fa65b5cae31cad390b875b84956dada2f4794231fec164
SSDEEP

1536:g2NNyGkHjkDzELu0AVSv6QM1G5os3U6EufhojGs:guAGWIz89Bv6P1Qob6Eufps

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1604	4828	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 4828	4912	rundll32.exe	83
PID 4912 wrote to memory of 4828	4912	rundll32.exe	83
PID 4912 wrote to memory of 4828	4912	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8da27b78a216743274eb56d0f299491644fa6250a143858c35d1508a82466b76.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8da27b78a216743274eb56d0f299491644fa6250a143858c35d1508a82466b76.dll,#1
  2⤵
  PID:4828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 540
    3⤵
    - Program crash
    PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4828 -ip 4828
1⤵
PID:4980

memory/4828-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download