6f8877f80d07c712f21aae7a7d4a725da9635763032a60730b45c2de0ad9d2dc

Analysis

max time kernel
180s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 03:27

Target

6f8877f80d07c712f21aae7a7d4a725da9635763032a60730b45c2de0ad9d2dc.dll
Size

173KB
MD5

7fa701d7254696d659b3d5738a22f950
SHA1

1afcb90a0190c2c44f3ffff29467b8feb6f9c47a
SHA256

6f8877f80d07c712f21aae7a7d4a725da9635763032a60730b45c2de0ad9d2dc
SHA512

1685f0151714f12dc86adeccf786a65097d5c6d113d6f9145e7600dec645adf4200979ec2ba031c22dcc3e50d40ae1aca7c80163baef86a398c262e8c25f09ca
SSDEEP

3072:/mE33WD1NATx0Asa00KHDCyibxUUvSUopIpHyMsjq8+Ui1Tx1ta+5:/mq3cNATuAd0vHDCy81J7QExbj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3724	208	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 208	4248	rundll32.exe	82
PID 4248 wrote to memory of 208	4248	rundll32.exe	82
PID 4248 wrote to memory of 208	4248	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f8877f80d07c712f21aae7a7d4a725da9635763032a60730b45c2de0ad9d2dc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f8877f80d07c712f21aae7a7d4a725da9635763032a60730b45c2de0ad9d2dc.dll,#1
  2⤵
  PID:208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 548
    3⤵
    - Program crash
    PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 208 -ip 208
1⤵
PID:3876

memory/208-132-0x0000000000000000-mapping.dmp

Download
memory/208-133-0x0000000001180000-0x0000000001199000-memory.dmp

Filesize
100KB

Download