88a9057638669bf9ca5a9af4c98734b097a9c721b013bc2afac1c444502a5583

Analysis

max time kernel
189s
max time network
235s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 21:40

Target

88a9057638669bf9ca5a9af4c98734b097a9c721b013bc2afac1c444502a5583.dll
Size

245KB
MD5

a15040f1eba806ec52fbe8d14794a085
SHA1

9c32100a828e9cda58f2a407a4715851efc2dbfa
SHA256

88a9057638669bf9ca5a9af4c98734b097a9c721b013bc2afac1c444502a5583
SHA512

e0fa6f0dfa51fe37e4684a8c1a0c6f1e91897eb9a194b65fc96842f44e9deda5a57fa92a6215e9b71603ced97a07e60e9acd5622f87fc7d84a1be237586d632c
SSDEEP

6144:N+ld5xourCovzZKwW+4efxHAdEGfhA27ed:Uou1vzZx46xH/Gm7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1008	224	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 224	2028	rundll32.exe	82
PID 2028 wrote to memory of 224	2028	rundll32.exe	82
PID 2028 wrote to memory of 224	2028	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\88a9057638669bf9ca5a9af4c98734b097a9c721b013bc2afac1c444502a5583.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\88a9057638669bf9ca5a9af4c98734b097a9c721b013bc2afac1c444502a5583.dll,#1
  2⤵
  PID:224
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 580
    3⤵
    - Program crash
    PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 224 -ip 224
1⤵
PID:4508