8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9

Analysis

max time kernel
267s
max time network
367s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:33

Target

8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9.dll
Size

588KB
MD5

63e54d328f3c68088a6b40098d9ca1e0
SHA1

12d1c172e69f6881bc6844e36e108127021c34b4
SHA256

8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9
SHA512

604f88687059fd8ada2511f73ce94faabbb038f93d26a0a0f6b4294041977ece86bdcaad2de462124587dc74fbfacb1cfc78867b4d2eb48b0f740a1466ea62f0
SSDEEP

12288:l/WQBiD/u+cgTYegtCT4bx7Mpgd/NzF/Vdu6jcqEXMDyI:l/fB4TT4zYyNzF9duBqgxI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3844	220	WerFault.exe	80

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 220	2920	rundll32.exe	80
PID 2920 wrote to memory of 220	2920	rundll32.exe	80
PID 2920 wrote to memory of 220	2920	rundll32.exe	80
PID 220 wrote to memory of 3844	220	rundll32.exe	85
PID 220 wrote to memory of 3844	220	rundll32.exe	85
PID 220 wrote to memory of 3844	220	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f78d8927a9bbcf4865838961099cfea82c10df99aedee7265d5fd30c15673d9.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 220 -s 628
    3⤵
    - Program crash
    PID:3844

memory/220-133-0x0000000002BA0000-0x0000000002C33000-memory.dmp

Filesize
588KB

Download
memory/220-137-0x0000000001330000-0x00000000013AF000-memory.dmp

Filesize
508KB

Download