09115fe8e51aeecf9f0cdc660424d730a88f3e631075c81058e3db066a9c0f9d

Analysis

max time kernel
154s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 08:36

Target

09115fe8e51aeecf9f0cdc660424d730a88f3e631075c81058e3db066a9c0f9d.dll
Size

44KB
MD5

fe1ed0a57e91192088860d8002fe5bbc
SHA1

bd77ce68d6490048ca803d744586a6902cd6a1a2
SHA256

09115fe8e51aeecf9f0cdc660424d730a88f3e631075c81058e3db066a9c0f9d
SHA512

5c3647c918d95a10630e66477972de93083adb208914cc7b878d0a9dcce66accbf50d90243fcc48bdae7a635f7ceb86ca7f7c6af0c81caae1734139ba9830ec1
SSDEEP

768:Fr248VLYuVg8ZTp0V6ZozhJ+fjiB9074mxF5PtgWGeoBjy6:Fzsfm8ZTeuoKf/5lxoBu6

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4440	1460	WerFault.exe	83

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1460	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1460	1672	rundll32.exe	83
PID 1672 wrote to memory of 1460	1672	rundll32.exe	83
PID 1672 wrote to memory of 1460	1672	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09115fe8e51aeecf9f0cdc660424d730a88f3e631075c81058e3db066a9c0f9d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09115fe8e51aeecf9f0cdc660424d730a88f3e631075c81058e3db066a9c0f9d.dll,#1
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:1460
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 620
    3⤵
    - Program crash
    PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1460 -ip 1460
1⤵
PID:1420