840a609768429c36b8a40d607c15455b1faa0f8f424ccb56dea8160d84bab909

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 22:03

Target

840a609768429c36b8a40d607c15455b1faa0f8f424ccb56dea8160d84bab909.dll
Size

180KB
MD5

e85985e115602813201713e09104e07f
SHA1

afdf99dc1c73c7a21916838aa279f1659b7028f1
SHA256

840a609768429c36b8a40d607c15455b1faa0f8f424ccb56dea8160d84bab909
SHA512

25ed366d188bfcc43902def653dfa40fae2233f31d872f1c43154a5ff2fb94e1586eeecab1b61dc184a8fbf6362d5dcf123555321e36d537076f3432e172b3e6
SSDEEP

3072:EuMX3+I7Dn9qpDL4DZ91oDT5xO2q4jEJyKx5b+qGJ6ayZLhzJWft:1+wpoDiLxYP5KqGcZLhE

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3596	4636	WerFault.exe	80
1592	4636	WerFault.exe	80

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 4636	5044	rundll32.exe	80
PID 5044 wrote to memory of 4636	5044	rundll32.exe	80
PID 5044 wrote to memory of 4636	5044	rundll32.exe	80
PID 4636 wrote to memory of 3596	4636	rundll32.exe	83
PID 4636 wrote to memory of 3596	4636	rundll32.exe	83
PID 4636 wrote to memory of 3596	4636	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\840a609768429c36b8a40d607c15455b1faa0f8f424ccb56dea8160d84bab909.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\840a609768429c36b8a40d607c15455b1faa0f8f424ccb56dea8160d84bab909.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 612
    3⤵
    - Program crash
    PID:3596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 612
    3⤵
    - Program crash
    PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4636 -ip 4636
1⤵
PID:392

memory/4636-133-0x0000000000D40000-0x0000000000D56000-memory.dmp

Filesize
88KB

Download
memory/4636-134-0x00000000013C0000-0x00000000013F0000-memory.dmp

Filesize
192KB

Download
memory/4636-138-0x0000000000D40000-0x0000000000D56000-memory.dmp

Filesize
88KB

Download