1a8f452475f58038770535fdb4f2e74088aa68609aa8d5391be55e846ba601d5

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 03:44

Target

1a8f452475f58038770535fdb4f2e74088aa68609aa8d5391be55e846ba601d5.dll
Size

111KB
MD5

2279e8051b80d09f0e83a55dc40db7f0
SHA1

ac37220535394b65987be70dc6e21bd376b00a98
SHA256

1a8f452475f58038770535fdb4f2e74088aa68609aa8d5391be55e846ba601d5
SHA512

d86da0fd1a5ed22d11fbb1021cfb3aa5a4d5239a780362cccee5e5af3b393783821c0b25609f1b3d679ac9458e5dc387d4da929fbab454dcdb546d6a4cd1a381
SSDEEP

1536:dhcJi/TXiNFS9PBiebUrVvgvJIBs+WvHUTLfQsp9P5ju7/a9Z9mJ1:HLiNFGTbUBvgRIOvH+LTPFuDa9Z61

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3064	2004	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2004	1664	rundll32.exe	80
PID 1664 wrote to memory of 2004	1664	rundll32.exe	80
PID 1664 wrote to memory of 2004	1664	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a8f452475f58038770535fdb4f2e74088aa68609aa8d5391be55e846ba601d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a8f452475f58038770535fdb4f2e74088aa68609aa8d5391be55e846ba601d5.dll,#1
  2⤵
  PID:2004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 720
    3⤵
    - Program crash
    PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2004 -ip 2004
1⤵
PID:2128