9f9fe5639e141ba3885772c6973beadb247c163405a83be6dfd411f023630621

Analysis

max time kernel
141s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 00:22

Target

9f9fe5639e141ba3885772c6973beadb247c163405a83be6dfd411f023630621.dll
Size

189KB
MD5

c3b69337234a12d615333b76db26005f
SHA1

b99ce27ef5ec8ce09ff2a41d668a3fe3607bdc34
SHA256

9f9fe5639e141ba3885772c6973beadb247c163405a83be6dfd411f023630621
SHA512

2365b13e3724f9d3e38f7529e53ff4500c5305eb0392bfda6a9027cc29a2646759d225f0f6dee5636fb6d41167155b673a01ca817fb5c25c73ac57e045de1ee4
SSDEEP

3072:Y/+ogpPrqZTXuwvjzWxpf/tvI4ZhU16TXGvaOln7YFVU8nVnqZYP70YnUCwNEHiq:VtqZTXuwvPuJlZhA4O1YbUa8Yj0YnUzO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
444	2076	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 2076	4836	rundll32.exe	78
PID 4836 wrote to memory of 2076	4836	rundll32.exe	78
PID 4836 wrote to memory of 2076	4836	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f9fe5639e141ba3885772c6973beadb247c163405a83be6dfd411f023630621.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f9fe5639e141ba3885772c6973beadb247c163405a83be6dfd411f023630621.dll,#1
  2⤵
  PID:2076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 596
    3⤵
    - Program crash
    PID:444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2076 -ip 2076
1⤵
PID:1432