9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75

Analysis

max time kernel
180s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 14:10

Target

9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75.dll
Size

86KB
MD5

f7bfb717e85b2e72c696e9f9bce3509a
SHA1

1264d58faef101a7e48293da3ef7f6716b626dac
SHA256

9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75
SHA512

83dcf328e0e69adb49f8d10e4159c3627ed3bb20f76cffe83217b2fe9cbe19ef0d56a9a3772e620200e5fe4eb2f2a3659c1dfd457b1cf3e469073ba0d70d9c6f
SSDEEP

1536:9GHsh23P/ebYbI8dR1Q281+hjM9mhc1k8HyZAiCMVHvKgyEoj6Y6+:972HsojQ2vjOSL9vEEIj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3852	5044	WerFault.exe	77

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 5044	2112	rundll32.exe	77
PID 2112 wrote to memory of 5044	2112	rundll32.exe	77
PID 2112 wrote to memory of 5044	2112	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75.dll,#1
  2⤵
  PID:5044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 596
    3⤵
    - Program crash
    PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5044 -ip 5044
1⤵
PID:4040

memory/5044-133-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download