09c97cb8828c96e8c6f95d08298bcf82765b6902d4cf52d6a98b44565a35d96f

Analysis

max time kernel
53s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 20:23

Target

09c97cb8828c96e8c6f95d08298bcf82765b6902d4cf52d6a98b44565a35d96f.dll
Size

108KB
MD5

045442c05586c9b3e34f0c6a323de0f0
SHA1

f7e3193635b1493a3e89eec2ebf92d52d40b7e6b
SHA256

09c97cb8828c96e8c6f95d08298bcf82765b6902d4cf52d6a98b44565a35d96f
SHA512

0cd2fcb441e45d2d3f2b56c1def9f7e27b61871aca6199c9f2565dd2c1d110b505bab392575e612094cdbb6817352934ff085c627e3dd199831b4019073c6777
SSDEEP

1536:Mzi3xUnToIfMIOYSp75vp4xYLDHvHiSbmXGclmQU9g/TdCqGe:MzCx4TBfCJvvaYLDHKSb7Qm99g/TdYe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4604	1776	WerFault.exe	77

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 1776	540	rundll32.exe	77
PID 540 wrote to memory of 1776	540	rundll32.exe	77
PID 540 wrote to memory of 1776	540	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09c97cb8828c96e8c6f95d08298bcf82765b6902d4cf52d6a98b44565a35d96f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09c97cb8828c96e8c6f95d08298bcf82765b6902d4cf52d6a98b44565a35d96f.dll,#1
  2⤵
  PID:1776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 600
    3⤵
    - Program crash
    PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1776 -ip 1776
1⤵
PID:4404

memory/1776-133-0x0000000010000000-0x000000001001B000-memory.dmp

Filesize
108KB

Download