da9e56c2024fe19b1c9cc48154fc21cb559a9af23523963cb5471ec612eab8e5

Analysis

max time kernel
178s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 22:58

Target

TrayIcon.dll
Size

90KB
MD5

8f3d81e200f13a005d6a8854cb196e0a
SHA1

22528752af1077b8466f3cec7828c1c4a047e2e0
SHA256

9584c3ac7e5122d4d547b7b6cfbd9ee7931667334ff3a90a0e2a765825904ca3
SHA512

f646c8245e0ca0b253838788bbd9725d138321fb864f097f791e8c7bfae5690b2f539fccb80a58119e7ff8e9e963ad8b45e1cdd05fab600b0de519e09a75260d
SSDEEP

1536:m54Wdjz/4flqNW1LmJN1AI/2SYkLHLkwRdgpAab4ko6nOKUrr8n6XoDZf7qxuZw:Q4WKMNWpmJNYSf4wiAa1o6nOT386Xouu

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4400 1120 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4400	1120	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4056 wrote to memory of 1120	4056	rundll32.exe	rundll32.exe
PID 4056 wrote to memory of 1120	4056	rundll32.exe	rundll32.exe
PID 4056 wrote to memory of 1120	4056	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\TrayIcon.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\TrayIcon.dll,#1
  2⤵
  PID:1120
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 548
    3⤵
    - Program crash
    PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 1120 -ip 1120
1⤵
PID:1028

memory/1120-132-0x0000000000000000-mapping.dmp

Download
memory/1120-133-0x0000000010000000-0x0000000010036000-memory.dmp

Filesize
216KB

Download