8d1c42dc27cd76f18d207d13a02c13f1e77225294ac6fc3ffda5cbdf28d821c8

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 12:53

Target

8d1c42dc27cd76f18d207d13a02c13f1e77225294ac6fc3ffda5cbdf28d821c8.dll
Size

73KB
MD5

9ef26978f807cea0e59b6d1e576d966b
SHA1

8ea4d52807458fe101bdceee87d7fec6d43b2116
SHA256

8d1c42dc27cd76f18d207d13a02c13f1e77225294ac6fc3ffda5cbdf28d821c8
SHA512

b461e2a03658343c7a175cd3ebcc0cb7d2df315d5e95b8117c414a2ea4f733a0eab57cecad7b51378c09e4ab2c718ed03343b2a6349e1c9f502c28b7a3face6f
SSDEEP

1536:qu0s+S3laAGcvKen/VFnToIfITRur5ZXNTeiFp0zA+V/R8:f0s+Sien/VtTBfITRur5ZXNTeiP0Z

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2124 4880 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2124	4880	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4956 wrote to memory of 4880	4956	rundll32.exe	rundll32.exe
PID 4956 wrote to memory of 4880	4956	rundll32.exe	rundll32.exe
PID 4956 wrote to memory of 4880	4956	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d1c42dc27cd76f18d207d13a02c13f1e77225294ac6fc3ffda5cbdf28d821c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d1c42dc27cd76f18d207d13a02c13f1e77225294ac6fc3ffda5cbdf28d821c8.dll,#1
  2⤵
  PID:4880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 684
    3⤵
    - Program crash
    PID:2124

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k krnlsrvc
1⤵
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4880 -ip 4880
1⤵
PID:2400