8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a

Analysis

max time kernel
178s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 00:14

Target

8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a.dll
Size

48KB
MD5

4df51b1a6aae8ef8a3ea8d6910f38594
SHA1

5873f010695c9415a7dc846a9ec5794dca0ebe75
SHA256

8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a
SHA512

5856c0ec18ea27c6e69ef5c70a8ce464285b89f776323c577492354079f1f87adbd094e9ecb2147ed82662a31e364f6bfbd38af67b1940fbea4951485fcaba36
SSDEEP

768:53sBXUGJhxPrhzWjEzw3JSSb9Y0ugQLj3tIKShfvqaEd:SBXjhx9WAzw3JS29v1mtIKShqai

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2196	5028	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 5028	5088	rundll32.exe	83
PID 5088 wrote to memory of 5028	5088	rundll32.exe	83
PID 5088 wrote to memory of 5028	5088	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a.dll,#1
  2⤵
  PID:5028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 608
    3⤵
    - Program crash
    PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5028 -ip 5028
1⤵
PID:4972

memory/5028-134-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download