9a872d62ac1ed533be31575ce4c2a39e4ae37abb98184174df9123d8d1b5f5d0

Analysis

max time kernel
80s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 20:36

Target

9a872d62ac1ed533be31575ce4c2a39e4ae37abb98184174df9123d8d1b5f5d0.dll
Size

35KB
MD5

cab5ff1a3ad7807e1b0b613c9b7b3ded
SHA1

b882be87bf9a33c4dbfb6e49c6d736b06a4a2a97
SHA256

9a872d62ac1ed533be31575ce4c2a39e4ae37abb98184174df9123d8d1b5f5d0
SHA512

e72be03b4ed28f733a07c9cd2258e24d5b5cbdbe5beb2ab1fdf74745f3afebb4dbeb57cb47639dd556cfd13d6d1af7700290b90da2b6797908388a8296acbb36
SSDEEP

768:uKSHfsmDVMmi5ipDmjGPuX0hPS34SYsCD0cw30oM8xOR1:udHEmDVM3CmjGPuX0BS4BYcc01R1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2924	4760	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 4760	4496	rundll32.exe	81
PID 4496 wrote to memory of 4760	4496	rundll32.exe	81
PID 4496 wrote to memory of 4760	4496	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a872d62ac1ed533be31575ce4c2a39e4ae37abb98184174df9123d8d1b5f5d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a872d62ac1ed533be31575ce4c2a39e4ae37abb98184174df9123d8d1b5f5d0.dll,#1
  2⤵
  PID:4760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 580
    3⤵
    - Program crash
    PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4760 -ip 4760
1⤵
PID:3172

memory/4760-133-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download