89ebc1ba305f442881c5a3d5142f9c051adb67c6cf09e85071cdca106cd5e93b

Analysis

max time kernel
112s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 21:34

Target

89ebc1ba305f442881c5a3d5142f9c051adb67c6cf09e85071cdca106cd5e93b.dll
Size

83KB
MD5

41bf853d1cb7a5f913b634fd559d963a
SHA1

c4860a9ae7dd17bfdadc35b1b96a4c7e06f27cc3
SHA256

89ebc1ba305f442881c5a3d5142f9c051adb67c6cf09e85071cdca106cd5e93b
SHA512

819f7777fc2f2b1d231ce5422f2869f1874550e3816f037d0a917207a906c07376f4a38cb515155eae798c8bee0082e38666c08a5dfc8d4df282b884efe587d5
SSDEEP

1536:l2i4DvP0Sh8uEIqJyjOtvOQnQoRetLdyqe/wrvYa7sdmMZDVDrWv:f4DvP1h8uEnmEvO2eVEqhT5sdmMZDVDi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4056	3256	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 3256	4440	rundll32.exe	78
PID 4440 wrote to memory of 3256	4440	rundll32.exe	78
PID 4440 wrote to memory of 3256	4440	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\89ebc1ba305f442881c5a3d5142f9c051adb67c6cf09e85071cdca106cd5e93b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\89ebc1ba305f442881c5a3d5142f9c051adb67c6cf09e85071cdca106cd5e93b.dll,#1
  2⤵
  PID:3256
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 580
    3⤵
    - Program crash
    PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3256 -ip 3256
1⤵
PID:2368

memory/3256-132-0x0000000000000000-mapping.dmp

Download
memory/3256-133-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/3256-134-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download