1281f7fffd63f60b1f87c13d81d0af5f8a4133005e9a319a21478f71be9d8b20

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 17:53

Target

1281f7fffd63f60b1f87c13d81d0af5f8a4133005e9a319a21478f71be9d8b20.dll
Size

817KB
MD5

8300cb5608b418931cb8b815761b824f
SHA1

7f9e29a3033bc8482fe50671e143275cf48c7b5a
SHA256

1281f7fffd63f60b1f87c13d81d0af5f8a4133005e9a319a21478f71be9d8b20
SHA512

5b0ab8fd3b73b3086564843d7ec5e55a956a058c8c1df076aba79ec823a8120b8d26f9513cdc3f55122375c40cb85e69ae47e1b55d0a854831512480ac967b41
SSDEEP

24576:mbEPDddPu015nWvNvBrvZtPD8VXMeBAGb:eqDddPV1+5bPb8tMk

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4928	rundll32mgr.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4260	4928	WerFault.exe	81

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 384	4712	rundll32.exe	80
PID 4712 wrote to memory of 384	4712	rundll32.exe	80
PID 4712 wrote to memory of 384	4712	rundll32.exe	80
PID 384 wrote to memory of 4928	384	rundll32.exe	81
PID 384 wrote to memory of 4928	384	rundll32.exe	81
PID 384 wrote to memory of 4928	384	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1281f7fffd63f60b1f87c13d81d0af5f8a4133005e9a319a21478f71be9d8b20.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1281f7fffd63f60b1f87c13d81d0af5f8a4133005e9a319a21478f71be9d8b20.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:384
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    PID:4928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 384
      4⤵
      Program crash
      PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 4928 -ip 4928
1⤵
PID:5012

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
192KB

MD5
72864b90643b2ff7a3e4c06b03ad2ce7

SHA1
52f60736728362514dec7880f67009408bf744da

SHA256
c0dc483d5d52f102a46125ba7b79757cf535aaf6075ff1bf0b255243d0b88c43

SHA512
b6f2abb30dedc588601324a203f348f453443a28de2a82b16ae175621471126680bf239e502e5c4f848955a6031e211976a3aa24eaa9e1e56b06c30916a23bf2

Download Submit
C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
192KB

MD5
72864b90643b2ff7a3e4c06b03ad2ce7

SHA1
52f60736728362514dec7880f67009408bf744da

SHA256
c0dc483d5d52f102a46125ba7b79757cf535aaf6075ff1bf0b255243d0b88c43

SHA512
b6f2abb30dedc588601324a203f348f453443a28de2a82b16ae175621471126680bf239e502e5c4f848955a6031e211976a3aa24eaa9e1e56b06c30916a23bf2

Download Submit