8de655443686fa1779259ab16f9f721a817df766aa7a0ba4740d4c5e34a830ef

Analysis

max time kernel
183s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 06:00

Target

8de655443686fa1779259ab16f9f721a817df766aa7a0ba4740d4c5e34a830ef.dll
Size

370KB
MD5

031f53d0377bb666fa3dd17786d08986
SHA1

1aaf0d5c51ea250b4013a8ec31b2c2517d777ea1
SHA256

8de655443686fa1779259ab16f9f721a817df766aa7a0ba4740d4c5e34a830ef
SHA512

bab83d914df3b1d19c3083440acbd20226543feaae70c949f5068f81a6c3a832a5951bcf5ba4ca9930ba58f3c44354a92249462db7a63f27c190acec4bbee3b0
SSDEEP

6144:97RrfGlr9V9t1j1yljoB6EnpeRfxkKquLmd64RMzO7d5XwUCnNvU7zmR:Bc3Xj1qjK6EMquLmdDRMzO7d5gUCNvqO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3496	1984	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 1984	5072	rundll32.exe	79
PID 5072 wrote to memory of 1984	5072	rundll32.exe	79
PID 5072 wrote to memory of 1984	5072	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8de655443686fa1779259ab16f9f721a817df766aa7a0ba4740d4c5e34a830ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8de655443686fa1779259ab16f9f721a817df766aa7a0ba4740d4c5e34a830ef.dll,#1
  2⤵
  PID:1984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 580
    3⤵
    - Program crash
    PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1984 -ip 1984
1⤵
PID:3272