a6885291bc5317afe4ae0061a037c6f8f17dccad2f5983825ace0583572f3811

Analysis

max time kernel
155s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 21:07

Target

a6885291bc5317afe4ae0061a037c6f8f17dccad2f5983825ace0583572f3811.dll
Size

91KB
MD5

92db6d30b31dea026b5f7f561cd08456
SHA1

c9e311564fe623a1264ed02270d2c543c0d0b59a
SHA256

a6885291bc5317afe4ae0061a037c6f8f17dccad2f5983825ace0583572f3811
SHA512

9755c3400309b364670a522ccf1700b51ec4a2876ab1c508ee11d4a95f1b6c85f1d07adfb0e84fffecad9093ec28a74d727f51bd7a419f2cff22acced4d52c13
SSDEEP

1536:NCMq44d7MLRS+beDFMP9S86M8BEJp5vqaCgxC:NFIl0YiD8Bcp5v6g

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4852	2088	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2088	4376	rundll32.exe	81
PID 4376 wrote to memory of 2088	4376	rundll32.exe	81
PID 4376 wrote to memory of 2088	4376	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6885291bc5317afe4ae0061a037c6f8f17dccad2f5983825ace0583572f3811.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6885291bc5317afe4ae0061a037c6f8f17dccad2f5983825ace0583572f3811.dll,#1
  2⤵
  PID:2088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 620
    3⤵
    - Program crash
    PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2088 -ip 2088
1⤵
PID:336