9025d7b18fa384c863a4ad3c199276fa549556787467ae8a6dae79ede3eab0aa

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 01:24

Target

9025d7b18fa384c863a4ad3c199276fa549556787467ae8a6dae79ede3eab0aa.dll
Size

149KB
MD5

d3fe6a2bc4e05d764e0457306e0d4820
SHA1

95f457770633ceb23b9c7ab3b655a51d459d32a0
SHA256

9025d7b18fa384c863a4ad3c199276fa549556787467ae8a6dae79ede3eab0aa
SHA512

00d419d1a9dfb1d67dbe431446debabd6627d7b2d8bacdc95ac6039d6382d4e7dfa21a510a9f16d80b3ca7456884df56d34f0f4d27a7826febd906b0071fff00
SSDEEP

3072:9lEJQs4qPKM5B0/L33joz5bJ1D7s/p9G9UN8vizAOuLhCtaY/E:9lEisRKM5OTzo79sTqSGqVwh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
868	4148	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 4148	2640	rundll32.exe	83
PID 2640 wrote to memory of 4148	2640	rundll32.exe	83
PID 2640 wrote to memory of 4148	2640	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9025d7b18fa384c863a4ad3c199276fa549556787467ae8a6dae79ede3eab0aa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9025d7b18fa384c863a4ad3c199276fa549556787467ae8a6dae79ede3eab0aa.dll,#1
  2⤵
  PID:4148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 572
    3⤵
    - Program crash
    PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4148 -ip 4148
1⤵
PID:3708