86ae296a625f6abab01beff24713f7eb8299f46e17080e845d4d041c94d34325

Analysis

max time kernel
174s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 22:35

Target

86ae296a625f6abab01beff24713f7eb8299f46e17080e845d4d041c94d34325.dll
Size

310KB
MD5

139c6519f4e593c79f490e4967f84e53
SHA1

2c3aed3cefcb29f9b4f4d56eb618d3938bd89d16
SHA256

86ae296a625f6abab01beff24713f7eb8299f46e17080e845d4d041c94d34325
SHA512

53137a058403737fceaa637ef90771557b8b89476f5b159ab03a3d10da467d653f8d3188619ca520f1373c0956e62170d813bba402d3d31dedaf8b1daab7e848
SSDEEP

3072:1+ySFI8LGyHgjek910shDtYSZyUZis6m/wZd:1Fv8LGyHgl9m8yUZifJZ

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4528	hrl10D8.tmp

Program crash 1 IoCs

pid	pid_target	Process	procid_target
864	4528	WerFault.exe	84

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 1852	4416	rundll32.exe	83
PID 4416 wrote to memory of 1852	4416	rundll32.exe	83
PID 4416 wrote to memory of 1852	4416	rundll32.exe	83
PID 1852 wrote to memory of 4528	1852	rundll32.exe	84
PID 1852 wrote to memory of 4528	1852	rundll32.exe	84
PID 1852 wrote to memory of 4528	1852	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\86ae296a625f6abab01beff24713f7eb8299f46e17080e845d4d041c94d34325.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\86ae296a625f6abab01beff24713f7eb8299f46e17080e845d4d041c94d34325.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\hrl10D8.tmp
    C:\Users\Admin\AppData\Local\Temp\hrl10D8.tmp
    3⤵
    - Executes dropped EXE
    PID:4528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 356
      4⤵
      Program crash
      PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4528 -ip 4528
1⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\hrl10D8.tmp

Filesize
303KB

MD5
6044bddee9bf3c81b2a25d832261bf13

SHA1
1a4745437777401dcd015a34870203b39352ec70

SHA256
82cbcf9748b62a850a2c379ea8b6563502133554be3eb44ca8ff1e354ccc75fb

SHA512
09ec2efe07fee7a2aeb76c0d30061d13f09eae8c44ef7a42a58c43af77d81eadce5bcd30a45493dc396c6ad1b0f7d6da39f5f6500dffa958a2cb0dc5622d690f

Download Submit
C:\Users\Admin\AppData\Local\Temp\hrl10D8.tmp

Filesize
303KB

MD5
6044bddee9bf3c81b2a25d832261bf13

SHA1
1a4745437777401dcd015a34870203b39352ec70

SHA256
82cbcf9748b62a850a2c379ea8b6563502133554be3eb44ca8ff1e354ccc75fb

SHA512
09ec2efe07fee7a2aeb76c0d30061d13f09eae8c44ef7a42a58c43af77d81eadce5bcd30a45493dc396c6ad1b0f7d6da39f5f6500dffa958a2cb0dc5622d690f

Download Submit
memory/4528-138-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4528-139-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download