9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea

Analysis

max time kernel
91s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 01:47

Target

9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea.dll
Size

63KB
MD5

4a0c9bc835dfea6c48a68c4d84e28b09
SHA1

7eb55bf18c8d3265e64619409056ac8807a5b410
SHA256

9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea
SHA512

66d885a20410725828293f747ca361dd3c34cd1894f6e18f4fb9eb50527fa2af2e8f831d21f048ab4257c4d69e9daa0b6cb47f79322cff56e084250b91b4bbe8
SSDEEP

768:SSA2MMirU0Fi1B5NrH6TJF4SJ1g8Xdq6RwBVlJ0GIEHFn:SSVVoinb76TJ3JmUQLlO+ln

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1768	3144	WerFault.exe	76

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 3144	3544	rundll32.exe	76
PID 3544 wrote to memory of 3144	3544	rundll32.exe	76
PID 3544 wrote to memory of 3144	3544	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a7a6e2a4e640c0c69a5754e356f3a9d30c492b7794457a0031eb28d43a72dea.dll,#1
  2⤵
  PID:3144
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 624
    3⤵
    - Program crash
    PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3144 -ip 3144
1⤵
PID:2536