6f9f7b86b376b64f4be8ff81d99da29bca859ea3d7d51b11df8701cbff38ffd8

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 13:02

Target

6f9f7b86b376b64f4be8ff81d99da29bca859ea3d7d51b11df8701cbff38ffd8.dll
Size

603KB
MD5

0e2b2b1a6f2d6b3e33f3c67d818e7520
SHA1

1295c9b9636fd5dc99898ead3ef5e3c63d4d125b
SHA256

6f9f7b86b376b64f4be8ff81d99da29bca859ea3d7d51b11df8701cbff38ffd8
SHA512

865c5c6a7e14c9feb84bf107115ba98205fe5c6444d31e14284d49be3cfaf7a5a6393d121740d0a909a079e1c117da7f093b913ee5524f6c3605026a986f689b
SSDEEP

6144:gb2HnveeTMmk+5Ky1O1/3baIJ+Qh0OXx53qu:8knsF+511O1/baIJ+Qh/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3364	4024	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 4024	936	rundll32.exe	80
PID 936 wrote to memory of 4024	936	rundll32.exe	80
PID 936 wrote to memory of 4024	936	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f9f7b86b376b64f4be8ff81d99da29bca859ea3d7d51b11df8701cbff38ffd8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f9f7b86b376b64f4be8ff81d99da29bca859ea3d7d51b11df8701cbff38ffd8.dll,#1
  2⤵
  PID:4024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 544
    3⤵
    - Program crash
    PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4024 -ip 4024
1⤵
PID:2544