8c675b2e94fb2b778f23933f6f3fff5d2145df43ccabe8ff716decd2e3942dba

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:44

Target

8c675b2e94fb2b778f23933f6f3fff5d2145df43ccabe8ff716decd2e3942dba.dll
Size

78KB
MD5

992d1cf894b95d98ec336446c525de19
SHA1

341debda795a4324c4bd1e933e4669c7f57756af
SHA256

8c675b2e94fb2b778f23933f6f3fff5d2145df43ccabe8ff716decd2e3942dba
SHA512

6f2415932d2ad5d9d61f6f942fda8513f6d36d5cc883d10868f9d7890fd3c830cf46bd206578180d0529da45e29045a24fb2096b350767ba7e44397f80a74dca
SSDEEP

1536:tykSDwpjP7N0/fAFl1gcTlGPs/3cj9KfGk0jmtpYa/7MZ6m+DbCl:o/uN0QFOsvs9MGk0OpYa/7MZ6mkbCl

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
844	1712	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 1712	632	rundll32.exe	82
PID 632 wrote to memory of 1712	632	rundll32.exe	82
PID 632 wrote to memory of 1712	632	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c675b2e94fb2b778f23933f6f3fff5d2145df43ccabe8ff716decd2e3942dba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c675b2e94fb2b778f23933f6f3fff5d2145df43ccabe8ff716decd2e3942dba.dll,#1
  2⤵
  PID:1712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 660
    3⤵
    - Program crash
    PID:844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1712 -ip 1712
1⤵
PID:864