88f97a513549cfffc7dea82ecd8a0ec4586ca4a4b34c7fef1fc66567bc3294a2

Analysis

max time kernel
255s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 06:04

Target

88f97a513549cfffc7dea82ecd8a0ec4586ca4a4b34c7fef1fc66567bc3294a2.dll
Size

33KB
MD5

8088b2c1af5ab4fcc98ccff6d605998d
SHA1

b2f5ad26569900327be98ea87292c6679f7e0e2a
SHA256

88f97a513549cfffc7dea82ecd8a0ec4586ca4a4b34c7fef1fc66567bc3294a2
SHA512

79d7ab6f24173f3b8fd1d998ea0834e7a5e9baa7b7ebc68c283b19b1d7791e45ec8111c57e6a3a348eabb011597f94ddd0decd0334dc4678c03dd3272743f2a8
SSDEEP

768:ShXNjmDy+rE9tlDqhTTJqUV/WRThlnMnHr2/rm:CdjmSlD+oUERVlnMnL2S

Score

3^/10

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3324	1468	WerFault.exe	81
2020	1468	WerFault.exe	81
4124	1468	WerFault.exe	81

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 32 wrote to memory of 1468	32	rundll32.exe	81
PID 32 wrote to memory of 1468	32	rundll32.exe	81
PID 32 wrote to memory of 1468	32	rundll32.exe	81
PID 1468 wrote to memory of 4124	1468	rundll32.exe	87
PID 1468 wrote to memory of 4124	1468	rundll32.exe	87
PID 1468 wrote to memory of 4124	1468	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\88f97a513549cfffc7dea82ecd8a0ec4586ca4a4b34c7fef1fc66567bc3294a2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:32
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\88f97a513549cfffc7dea82ecd8a0ec4586ca4a4b34c7fef1fc66567bc3294a2.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 604
    3⤵
    - Program crash
    PID:3324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 684
    3⤵
    - Program crash
    PID:2020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 604
    3⤵
    - Program crash
    PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1468 -ip 1468
1⤵
PID:640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1468 -ip 1468
1⤵
PID:1516

memory/1468-133-0x0000000038000000-0x000000003800B000-memory.dmp

Filesize
44KB

Download